PT-2025-29526 · Directus · Directus

Br41N · Published 2025-07-14 · Updated 2025-07-29 · CVE-2025-53885

CVSS v3.1: 4.2 (Medium)
Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.9
Description: Directus is a real-time API and App dashboard for managing SQL database content. When using Directus Flows to handle CRUD events for users, the "Log to Console" operation with a template string can be exploited by malicious administrators to log sensitive data from other users during creation or update processes.
Recommendations: Update to Directus version 11.9.0 or later. Avoid logging sensitive data to the console outside of development environments.
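A defender-side audit for the misconfiguration described above, added here as an example and not part of the advisory or of Directus itself: it scans an exported list of Flows for event-triggered flows on user accounts whose "Log to Console" step templates sensitive payload fields into the message. The export shape, the operation type name `log`, the `options.message` key and the `$trigger.payload` template prefix are assumptions about the Directus flow format, as is the list of sensitive field names.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Assumed export shape (not taken from the advisory): flow["trigger"] == "event", flow["options"]
# carries "scope" and "collections", and a Log to Console step is {"type": "log", "options": {"message": ...}}.
SENSITIVE_FIELDS = {"password", "token", "tfa_secret", "external_identifier"}
TEMPLATE_RE = re.compile(r"\{\{\s*([^}]+?)\s*\}\}")

def trigger_touches_users(flow: Dict) -> bool:
    """True if the flow fires on create/update events for Directus user accounts."""
    opts = flow.get("options") or {}
    on_users = "directus_users" in (opts.get("collections") or [])
    user_scope = any(s.startswith("users.") for s in opts.get("scope") or [])
    return flow.get("trigger") == "event" and (on_users or user_scope)

def sensitive_refs(message: str) -> List[str]:
    """Template expressions in a log message that expose sensitive trigger payload fields."""
    hits = []
    for expr in TEMPLATE_RE.findall(message):
        # {{$trigger}} / {{$trigger.payload}} dump the whole payload, secrets included.
        whole_payload = expr in ("$trigger", "$trigger.payload")
        field = expr.startswith("$trigger.payload.") and expr.rsplit(".", 1)[-1] in SENSITIVE_FIELDS
        if whole_payload or field:
            hits.append(expr)
    return hits

def find_sensitive_log_operations(flows: Iterable[Dict]) -> List[Tuple[str, str, List[str]]]:
    """(flow name, operation key, offending expressions) for every risky Log to Console step."""
    findings = []
    for flow in flows:
        if not trigger_touches_users(flow):
            continue
        for op in flow.get("operations") or []:
            if op.get("type") != "log":
                continue
            refs = sensitive_refs((op.get("options") or {}).get("message", ""))
            if refs:
                findings.append((flow["name"], op["key"], refs))
    return findings

# Constructed sample export: one risky flow and one benign flow.
SAMPLE_FLOWS = [
    {"name": "Audit user changes", "trigger": "event",
     "options": {"scope": ["items.create", "items.update"], "collections": ["directus_users"]},
     "operations": [{"key": "log_user", "type": "log", "options": {
         "message": "user {{$trigger.payload.email}} pw={{ $trigger.payload.password }}"}}]},
    {"name": "Log article ids", "trigger": "event",
     "options": {"scope": ["items.create"], "collections": ["articles"]},
     "operations": [{"key": "log_id", "type": "log", "options": {"message": "{{$trigger.key}}"}}]},
]
```

Running `find_sensitive_log_operations(SAMPLE_FLOWS)` reports only the first flow's `log_user` step, for its `$trigger.payload.password` reference; the same function can be pointed at a real flows export to find steps that should be removed or restricted to development environments.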


Weakness Enumeration

Insertion into Log File

Related Identifiers

CVE-2025-53885
GHSA-X3VM-88HF-GPXP

Affected Products

Directus