PT-2025-29528 · Directus · Directus

Br41Nslug · Published 2025-07-14 · Updated 2025-07-29 · CVE-2025-53887

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0 through 11.8.99
Description: Directus is a real-time API and App dashboard for managing SQL database content. The exact Directus version number is exposed by the /server/specs/oas endpoint without authentication in versions prior to 11.9.0. This allows a malicious attacker to identify the specific running version and search for known vulnerabilities in Directus core or its dependencies.
Recommendations: Update to Directus version 11.9.0 or later.

References: Exploit · Fix

Category: Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-53887
GHSA-RMJH-CF9Q-PV7Q

Affected Products

Directus