PT-2025-50252 · Siyuan · Siyuan

Published 2025-12-09 · Updated 2026-01-06 · CVE-2025-67488

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SiYuan versions 0.0.0 through 20251202123337-6ef83b42c7ce

Description

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0 through 20251202123337-6ef83b42c7ce contain a flaw in the importZipMd function that allows Zip Slip path traversal. An authenticated user with access to the import functionality in notes can overwrite files on the system, potentially leading to full code execution in some cases.

Recommendations

Update to version 3.5.0 or later.
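
Zip Slip arises when an archive entry's name is joined to the extraction directory without checking where the cleaned path ends up. The Go example below is added here for illustration and is not SiYuan's code or its fix; `safeJoin`, `checkArchive`, `sampleZip` and the `/data/import` directory are hypothetical, and the archive is constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin maps a zip entry name to a path under destDir and rejects names that
// resolve outside it. Backslashes count as separators so they are caught on any OS.
func safeJoin(destDir, entryName string) (string, error) {
	base := filepath.Clean(destDir)
	target := filepath.Join(base, filepath.FromSlash(strings.ReplaceAll(entryName, `\`, "/")))
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("zip entry %q escapes %q", entryName, destDir)
	}
	return target, nil
}

// checkArchive vets every entry name before any file is written and returns the unsafe ones.
func checkArchive(data []byte, destDir string) (rejected []string, err error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if r == nil { // a non-nil reader alongside an error is only a path warning
		return nil, err
	}
	for _, f := range r.File {
		if _, jerr := safeJoin(destDir, f.Name); jerr != nil {
			rejected = append(rejected, f.Name)
		}
	}
	return rejected, nil
}

// sampleZip builds a constructed in-memory archive with empty entries of the given names.
func sampleZip(names ...string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		w.Create(n)
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(checkArchive(sampleZip("notes/a.md", "assets/../b.md", "../../conf/x.json"), "/data/import"))
}
```

The check covers entry names only; an extractor should also refuse symlink entries, or resolve them, before writing.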

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-67488
GHSA-GQFV-G4V7-M366
GO-2025-4221
SUSE-SU-2026:0037-1

Affected Products

Siyuan