What is the CVSS score of EUVD-2025-200119?

EUVD-2025-200119 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Gin Vue Admin are affected by EUVD-2025-200119?

CVE-2025-66410 is a critical vulnerability in Gin-vue-admin that allows attackers to delete any file on affected servers through parameter manipulation, potentially causing complete system outage or…. A patch is available.

Is there a public PoC exploit available for EUVD-2025-200119?

Yes, a public proof-of-concept exploit is available for EUVD-2025-200119. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-200119?

Within 24 hours: Identify all systems running Gin-vue-admin 2.8.6 or earlier and isolate them from production if possible; enable enhanced logging on affected systems. Within 7 days: Apply the available patch to all affected instances and validate successful deployment. Within 30 days: Conduct a forensic review of server logs to detect any unauthorized file deletion activity and verify system integrity.

Gin Vue Admin EUVD-2025-200119

| CVE-2025-66410 CRITICAL

Path Traversal (CWE-22)

2025-12-01 security-advisories@github.com

GHSA-jrhg-82w2-vvj7

Path Traversal Gin Vue Admin Suse

9.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

SUSE

8.7 HIGH

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200119

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

Patch released

Mar 15, 2026 - 13:34 nvd

Patch available

PoC Detected

Feb 06, 2026 - 16:50 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 23:15 nvd

CRITICAL 9.1

DescriptionGitHub Advisory

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

A vendor patch is available — apply it immediately. Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Vendor StatusVendor

SUSE

Severity: High

EUVD-2025-200119 vulnerability details – vuln.today

Back

Gin Vue Admin EUVD-2025-200119

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code