216.73.216.170

CVE-2025-24960

· Published 03/02/2025 21:15 · Modified 03/02/2025 21:15

Labels: CVE-2025-24960 2025-02-03CVE-2025-24960CWE-22[email protected]

Essential information

Published
03/02/2025 21:15
Modified
03/02/2025 21:15
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very little scope for abuse. However, the `DELETE` `files/:filename` can be used to delete any file. This issue has been addressed in version 1.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References