PT-2025-4386 · Atheros · Atheos

Wangyihang

·

Published

2025-01-10

·

Updated

2025-05-15

·

CVE-2025-22152

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Atheos versions prior to v600

Description: Atheos is a self-hosted, browser-based cloud IDE. Several of its PHP components take the $path and $target request parameters and pass them to filesystem operations without proper validation, so traversal sequences and unexpected targets are not rejected. An attacker who already holds privileged access to the IDE (the vector requires PR:H) can use this to read, modify, or execute arbitrary files on the server. Because the same unvalidated parameters are handled in multiple PHP files, the flaw is reachable through several attack vectors.

Recommendations: Update to v600 or later, which fixes the issue. As a temporary workaround until the upgrade is possible, restrict who can reach the components that accept the $path and $target parameters (for example, by limiting the IDE to trusted accounts on a trusted network). This reduces exposure but does not remove the flaw.
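The pattern the advisory describes, shown as an added example rather than code from Atheos itself: a handler that joins a request-supplied $path onto the workspace directory and reads it unchanged, beside the containment check that the fix in v600 is meant to enforce. The workspace layout, the function names (readFileVulnerable, resolveInsideWorkspace, resolveTargetForWrite) and the sample inputs are all constructed for the demonstration and are not taken from the project. It needs PHP 8.0 or later for str_contains/str_starts_with.

```php
<?php
// Added example, not Atheos code. Demonstrates the unvalidated $path / $target
// pattern behind CVE-2025-22152 and a realpath()-based containment check.
declare(strict_types=1);

// Vulnerable pattern: the user-controlled $path is joined to the workspace root and
// used directly. "../" segments walk out of the workspace, so any readable file on
// the server can be fetched.
function readFileVulnerable(string $workspace, string $path): string|false
{
    return @file_get_contents($workspace . '/' . $path);
}

// Hardened read: canonicalise and require the result to stay under the workspace root.
function resolveInsideWorkspace(string $workspace, string $path): ?string
{
    $root = realpath($workspace);
    if ($root === false || str_contains($path, "\0")) {
        return null;                       // bad root, or NUL byte smuggled into the path
    }
    $real = realpath($root . '/' . $path); // resolves "..", "." and symlinks; false if missing
    if ($real === false) {
        return null;
    }
    // Compare with a trailing separator so that "/srv/ws2" is not accepted for root "/srv/ws".
    if ($real !== $root && !str_starts_with($real, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $real;
}

// Hardened write/rename destination ($target): the file may not exist yet, so
// canonicalise its parent directory and re-attach a plain basename.
function resolveTargetForWrite(string $workspace, string $target): ?string
{
    $root = realpath($workspace);
    if ($root === false || str_contains($target, "\0")) {
        return null;
    }
    $dir  = realpath($root . '/' . dirname($target));
    $name = basename($target);
    if ($dir === false || $name === '' || $name === '.' || $name === '..') {
        return null;
    }
    if ($dir !== $root && !str_starts_with($dir, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $dir . DIRECTORY_SEPARATOR . $name;
}

function readFileSafe(string $workspace, string $path): ?string
{
    $real = resolveInsideWorkspace($workspace, $path);
    if ($real === null || !is_file($real)) {
        return null;
    }
    return file_get_contents($real);
}

// Constructed demo workspace: one project file inside, one secret outside.
$base = sys_get_temp_dir() . '/ws_demo_' . getmypid();
mkdir($base . '/workspace/project', 0700, true);
file_put_contents($base . '/workspace/project/index.php', "<?php echo 'hello';\n");
file_put_contents($base . '/secret.txt', "outside the workspace\n");
$workspace = $base . '/workspace';

$reads = [
    'project/index.php',         // legitimate
    '../secret.txt',             // plain traversal out of the workspace
    'project/../../secret.txt',  // traversal hidden behind a valid prefix
];
foreach ($reads as $p) {
    $v = readFileVulnerable($workspace, $p);
    $s = readFileSafe($workspace, $p);
    printf("read   %-28s vulnerable=%-6s hardened=%s\n", $p,
        $v === false ? 'denied' : 'READ', $s === null ? 'denied' : 'read');
}

$writes = ['project/new.txt', '../evil.php', 'project/../../evil.php'];
foreach ($writes as $t) {
    $r = resolveTargetForWrite($workspace, $t);
    printf("target %-28s hardened=%s\n", $t, $r === null ? 'denied' : $r);
}

// Cleanup.
unlink($base . '/workspace/project/index.php');
unlink($base . '/secret.txt');
rmdir($base . '/workspace/project');
rmdir($base . '/workspace');
rmdir($base);
```

Run it with `php example.php`: the vulnerable reader returns the secret for both traversal inputs, while the hardened functions deny them and accept only paths that canonicalise to a location under the workspace. The check covers the read/modify side of the advisory (path traversal, unrestricted file upload); the "execute" side additionally needs the application to never run or include a file whose location came from the request, which a path check alone does not guarantee.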

Exploit

Fix

Weakness Enumeration

Path traversal

Unrestricted File Upload

Code Injection

Related Identifiers

BDU:2025-01220
CVE-2025-22152
GHSA-RGJM-6P59-537V

Affected Products

Atheos