CVE-2025-55746 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechani…
Critical CVSS: 9.3

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (without changes being applied to the files' database-resident metadata) and / or upload new files, with arbitrary content and extensions, which won't show up in the Directus UI. This vulnerability is fixed in 11.9.3.
Vendor
Monospace
Product
Directus
CWE
CWE-73
Yayın Tarihi
2025-08-20 18:15:35
Güncelleme
2026-01-13 18:29:53
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-73 Directus CRITICAL Monospace 2025

Referanslar

https://github.com/directus/directus/commit/d84dcc36f75fc5c858d43746b8f9c426c38d696b https://github.com/directus/directus/security/advisories/GHSA-mv33-9f6j-pfmc