PT-2025-19752 · Dbsyncer · Dbsyncer

Chao112122 · Published 2025-05-05 · Updated 2025-11-18 · CVE-2025-45237

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6

Description: The issue is related to incorrect access control in the component /config/download of DBSyncer, allowing attackers to access a JSON file that contains sensitive account information, including the encrypted password.

Recommendations: For DBSyncer version 2.0.6, consider restricting access to the /config/download component to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the JSON file containing sensitive account information until a patch is available.


Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-45237

Affected Products: Dbsyncer