PT-2025-37089 · Mockoon · Mockoon

Risingzero · Published 2025-03-11 · Updated 2025-10-08 · CVE-2025-59049

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mockoon versions prior to 9.2.0
Description: Mockoon is a tool used to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving generates the server filename from user input, which is vulnerable to Path Traversal and Local File Inclusion (LFI). This allows an attacker to access any file within the mock server filesystem. The issue may be particularly relevant in cloud-hosted server instances.
Recommendations: Update to version 9.2.0 or later.
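
The bug class in the description, as an added example (not Mockoon's code and not its 9.2.0 fix): a server filename built directly from request input, beside a resolver that refuses any name resolving outside the served directory. `BASE_DIR`, the function names and the sample inputs are constructed for illustration.

```javascript
// Added illustration; not Mockoon's source. All names and inputs are constructed.
const path = require('node:path').posix; // posix flavour so results match on any OS

const BASE_DIR = '/srv/mock/static'; // hypothetical directory the mock serves from

// Pattern of the bug class: the request-derived name is joined and used as-is,
// so "../" segments walk out of the served directory.
function naiveResolve(baseDir, requested) {
  return path.join(baseDir, requested);
}

// Hardened form: resolve first, then require the result to stay under baseDir.
// Returns the absolute path to serve, or null when the request must be refused.
function safeResolve(baseDir, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const root = path.resolve(baseDir);
  // The "./" prefix forces the name to be treated as relative, so an absolute
  // input cannot replace the base directory during resolution.
  const candidate = path.resolve(root, './' + requested);
  const rel = path.relative(root, candidate);
  const escapes = rel === '..' || rel.startsWith('../') || path.isAbsolute(rel);
  return escapes ? null : candidate;
}

// The check has to run on the value that is finally used to open the file,
// so percent-decoding happens before it, and malformed encodings are refused.
function resolveFromUrlParam(baseDir, rawParam) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawParam);
  } catch (err) {
    return null; // URIError: malformed percent-encoding
  }
  return safeResolve(baseDir, decoded);
}

// Not covered here: symlinks inside baseDir. A deployment that allows them also
// needs to compare fs.realpath() of the candidate against the real base path.
```
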

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-59049
GHSA-W7F9-WQC4-3WXR

Affected Products

Mockoon