PT-2025-34689 · Docker+1

Privt00 · Published 2025-08-25 · Updated 2025-08-26 · CVE-2025-57802

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Airlink versions prior to 1.0.1
Description: Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. An attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). These symlinks can point to sensitive locations on the host filesystem due to the container bind-mounting an arbitrary host path. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container.
Recommendations: Update to version 1.0.1 or later.
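
A defender-side check for the condition in the description, as an added example that is not Airlink's code or part of the original advisory: run on the host against the host side of the bind mount, it lists symlinks that resolve outside the mounted directory and shows a read helper that refuses them. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(root):
    """List (relative link path, resolved target) for symlinks under root
    whose target resolves outside root. Run on the host side of the mount."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:  # symlinked dirs are listed in dirnames
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((os.path.relpath(path, root_real), target))
    return sorted(findings)

def read_confined(root, relpath):
    """Read root/relpath only if the fully resolved path stays under root."""
    root_real = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root_real, relpath))
    if os.path.commonpath([root_real, full]) != root_real:
        raise PermissionError(f"{relpath!r} resolves outside {root_real}")
    # O_NOFOLLOW rejects a symlink swapped in as the final component after the
    # check; earlier components can still race, so this narrows the window only.
    fd = os.open(full, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        return fh.read()

def demo():
    """Constructed sample tree: data/ stands in for the mounted directory."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "host_secret.txt")  # file outside the mount
        data = os.path.join(tmp, "data")
        os.mkdir(data)
        with open(secret, "w") as fh:
            fh.write("host-only")
        with open(os.path.join(data, "ok.txt"), "w") as fh:
            fh.write("ok")
        os.symlink(secret, os.path.join(data, "leak"))      # escapes the mount
        os.symlink("ok.txt", os.path.join(data, "inside"))  # stays inside
        flagged = [rel for rel, _ in find_escaping_symlinks(data)]
        try:
            read_confined(data, "leak")
            blocked = False
        except PermissionError:
            blocked = True
        return flagged, blocked, read_confined(data, "inside")
```

On Linux, `openat2()` with `RESOLVE_BENEATH` enforces the same confinement in the kernel without the check-then-open race.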

Exploit · Fix · LPE

Weakness Enumeration

Related Identifiers

CVE-2025-57802
GHSA-HRFV-WM8P-MG8M

Affected Products

Airlink
Docker