Fcrepo

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-23012 HIGH This Month

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fcrepo

NVD GitHub

CVSS 4.0

8.7

EPSS

0.1%

CVE-2025-23011 HIGH This Month

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fcrepo

NVD GitHub

CVSS 4.0

8.7

EPSS

2.1%

CVE-2025-23012

EPSS 0% CVSS 8.7

HIGH This Month

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fcrepo

NVD GitHub

CVE-2025-23011

EPSS 2% CVSS 8.7

HIGH This Month

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fcrepo

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy