PT-2025-21368 · Atheros · Atheos
Artant00 · Published 2025-05-15 · Updated 2025-05-15
CVE-2025-47788
CVSS v4.0: 9.4 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions:
Atheos versions prior to v602
Description:
Atheos is a self-hosted, browser-based cloud IDE. The $target parameter of "/controller.php" was not properly validated, so an attacker could use path traversal to make the server execute arbitrary files.
Recommendations:
For versions prior to v602, update to v602 to resolve the issue. As a temporary workaround, consider restricting access to the "/controller.php" endpoint to minimize the risk of exploitation. Avoid using the $target parameter in the affected endpoint until the issue is resolved.
Tags: Path traversal, Relative Path Traversal
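As an added illustration of the mitigation class (this is hypothetical helper code, not Atheos's own code and not the fix shipped in v602), a function that canonicalises a user-supplied target path against an allowed base directory and rejects anything that resolves outside it:

```php
<?php
// Added example: hypothetical helper, not part of Atheos.
// Resolves $target relative to $baseDir and returns null if it escapes.
function resolveTarget(string $baseDir, string $target): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // NUL bytes can truncate paths in lower-level filesystem calls; reject them.
    if (strpos($target, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", ".", symlinks and repeated separators,
    // and returns false when the path does not exist.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $target);
    if ($resolved === false) {
        return null;
    }
    // The result must be the base directory itself or lie strictly inside it;
    // a plain prefix check would wrongly accept "/srv/ws2" for base "/srv/ws".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($resolved !== $base && strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $resolved;
}

// Constructed workspace so realpath() has something to resolve.
$workspace = sys_get_temp_dir() . '/atheos_example_' . getmypid();
mkdir($workspace . '/project', 0700, true);
file_put_contents($workspace . '/project/index.php', "<?php echo 'ok';\n");

var_dump(resolveTarget($workspace, 'project/index.php'));
var_dump(resolveTarget($workspace, '../../etc/passwd'));
var_dump(resolveTarget($workspace, 'project/../../../etc/passwd'));

unlink($workspace . '/project/index.php');
rmdir($workspace . '/project');
rmdir($workspace);
```

Only the first call returns a path; the two traversal attempts resolve outside the workspace and yield null, which the caller should treat as a rejected request rather than falling back to the raw value.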
Affected Products: Atheos