Skip to main content

Linkwarden EUVDEUVD-2025-19714

| CVE-2025-49588 HIGH
External Control of File Name or Path (CWE-73)
2025-07-02 security-advisories@github.com
8.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 01:55 euvd
EUVD-2025-19714
Analysis Generated
Mar 16, 2026 - 01:55 vuln.today
CVE Published
Jul 02, 2025 - 14:15 nvd
HIGH 8.7

DescriptionGitHub Advisory

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other user's links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication.

AnalysisAI

A remote code execution vulnerability in Linkwarden (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 8.7 indicates high severity. Affects Linkwarden.

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-19714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy