PT-2026-1178 · Casaos · Casaos

Author: Mike G.A (+1)
Published: 2026-01-02 · Updated: 2026-02-26

CVE-2025-34171
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: CasaOS versions up to and including 0.4.15

Description: CasaOS versions up to and including 0.4.15 expose unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image API endpoint accepts a user-controlled path parameter that can be abused to read files under /var/lib/casaos/1/, revealing installed applications and configuration details. The /v1/sys/debug API endpoint discloses host operating system, kernel, hardware and storage information. Because these endpoints return distinct error messages for different failure cases, they also allow an attacker to enumerate whether arbitrary paths exist on the underlying host filesystem. This information disclosure supports reconnaissance and targeted follow-up attacks; the user-controlled path parameter of /v1/users/image is the core of the issue.

Recommendations: CasaOS versions prior to 0.4.15 should be used.
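As an added defensive example (not CasaOS's own code), the following hypothetical Go helper shows the two controls the description implies are missing: confining a user-controlled path parameter to a base directory such as /var/lib/casaos/1/, both lexically and after symlink resolution, and returning one uniform error for rejected and missing paths so that responses do not reveal whether a file exists. The helper name, the base directory and the file names are constructed for illustration.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

// ErrNotFound is the single error for every rejected request (escaped root,
// symlink outside root, missing file), so responses carry no existence oracle.
var ErrNotFound = errors.New("not found")

// escapes reports whether target lies outside root (both absolute and cleaned).
func escapes(root, target string) bool {
	rel, err := filepath.Rel(root, target)
	return err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveUnderBase (hypothetical helper, not CasaOS code) maps a user-supplied
// path parameter onto a regular file under baseDir, rejecting absolute paths,
// lexical traversal and symlinks that resolve outside baseDir. baseDir is absolute.
func ResolveUnderBase(baseDir, userPath string) (string, error) {
	if filepath.IsAbs(userPath) || strings.ContainsRune(userPath, 0) {
		return "", ErrNotFound
	}
	root, err := filepath.EvalSymlinks(baseDir) // canonical base directory
	if err != nil {
		return "", ErrNotFound
	}
	candidate := filepath.Join(root, userPath) // Join cleans "..", so check afterwards
	if escapes(root, candidate) {
		return "", ErrNotFound
	}
	real, err := filepath.EvalSymlinks(candidate) // also fails for missing files
	if err != nil || escapes(root, real) {
		return "", ErrNotFound
	}
	if info, err := os.Stat(real); err != nil || !info.Mode().IsRegular() {
		return "", ErrNotFound
	}
	return real, nil
}
```

Authentication on the endpoint is a separate control; this helper only constrains what an already-authorised request can read.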

Tags: Fix, RCE

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-34171

Affected Products: Casaos