CVE-2025-66398 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal stat…
Critical CVSS: 9.6

CVE-2025-66398

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability.
Vendor
Signalk
Product
Signal K Server
CWE
CWE-78
Yayın Tarihi
2026-01-01 18:15:40
Güncelleme
2026-01-06 18:34:31
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-78 Signal K Server CRITICAL Signalk 2026

Referanslar

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 https://github.com/SignalK/signalk-server/security/advisories/GHSA-w3x5-7c4c-66p9