216.73.217.86

CVE-2025-48935

· Published 04/06/2025 20:15 · Modified 05/06/2025 20:12

Labels: CVE-2025-48935 2025-06-04CVE-2025-48935CWE-863[email protected]

Essential information

Published
04/06/2025 20:15
Modified
05/06/2025 20:12
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
deno / deno cpe:2.3:a:deno:deno:2.2.0-2.2.5:*:*:*:*:*:*:*
deno / deno cpe:2.3:a:deno:deno:<2.2.5:*:*:*:*:*:*:*

References