PT-2025-43142 · Undefined · Undefined
Published: 2025-10-22 · Updated: 2025-10-22
CVE-2025-61035
CVSS v3.1: 7.7 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
seffaflik versions prior to 0.1.0
Description
Incorrect default permissions are assigned to the .kimlik file (mode 0777) and the .seffaflik file (mode 0775), which exposes secrets to other local users. Furthermore, the .kimlik file is written without symlink checks, enabling local attackers to overwrite arbitrary files. This may lead to information disclosure and denial of service.
Recommendations
Update to a version later than 0.0.9.
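The two weaknesses in the description (world-accessible modes and a write that follows symlinks) are avoided with the pattern below. It is an added example, not code from seffaflik or from this advisory. Python, the names `write_secret` and `demo`, and the temporary paths are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

def write_secret(path: str, data: bytes) -> None:
    """Write data to path as an owner-only (0600) regular file, refusing symlinks."""
    # O_NOFOLLOW: fail if the final path component is a symlink.
    # O_NONBLOCK: do not hang if a FIFO was planted at the path.
    # No O_TRUNC: nothing is modified until the opened object is validated.
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW | os.O_NONBLOCK
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # inspect the object actually opened, not the path
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not a regular file owned by this user")
        os.fchmod(fd, 0o600)  # tighten a pre-existing lax mode, independent of umask
        os.ftruncate(fd, 0)
        view = memoryview(data)
        while view:  # handle short writes
            view = view[os.write(fd, view):]
    finally:
        os.close(fd)

def demo() -> dict:
    """Constructed scenario: a planted symlink and a pre-existing 0777 file."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")
        with open(victim, "w") as f:
            f.write("keep me")
        link = os.path.join(d, "planted_link")
        os.symlink(victim, link)  # stands in for a symlink placed at the secret's path
        try:
            write_secret(link, b"secret")
            refused = False
        except OSError:
            refused = True
        with open(victim) as f:
            intact = f.read() == "keep me"
        lax = os.path.join(d, ".kimlik")
        open(lax, "w").close()
        os.chmod(lax, 0o777)  # the mode named in the advisory
        write_secret(lax, b"secret")
        with open(lax, "rb") as f:
            content = f.read()
        mode = stat.S_IMODE(os.stat(lax).st_mode)
        return {"symlink_refused": refused, "victim_intact": intact,
                "mode": mode, "content": content}

if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only covers the final path component, so the containing directory must itself be writable by the owner alone.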
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Undefined