Skip to content

Commit c67bd45

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@bc76a85 
1 parent bffecbf commit c67bd45

File tree

2 files changed

+57
-0
lines changed

2 files changed

+57
-0
lines changed

advisories/_posts/2025-06-13-CVE-2025-28382.md

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2025-28382 (openc3-cosmos-tool-iframe): OpenC3 COSMOS Vulnerable to Directory
4+
Traversal via openc3-api/tables endpoint'
5+
comments: false
6+
categories:
7+
- openc3-cosmos-tool-iframe
8+
advisory:
9+
gem: openc3-cosmos-tool-iframe
10+
cve: 2025-28382
11+
ghsa: cf8v-5mrc-jv7f
12+
url: https://github.com/advisories/GHSA-cf8v-5mrc-jv7f
13+
title: OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint
14+
date: 2025-06-13
15+
description: |
16+
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS
17+
6.0.0 allows attackers to execute a directory traversal.
18+
cvss_v3: 7.5
19+
unaffected_versions:
20+
- "< 6.0.0"
21+
notes: Never patched
22+
related:
23+
url:
24+
- https://nvd.nist.gov/vuln/detail/CVE-2025-28382
25+
- https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework
26+
- https://openc3.com
27+
- https://github.com/advisories/GHSA-cf8v-5mrc-jv7f
28+
---

advisories/_posts/2025-06-13-CVE-2025-28384.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2025-28384 (openc3-cosmos-tool-iframe): OpenC3 COSMOS Vulnerable to Directory
4+
Traversal via /script-api/scripts/ endpoint'
5+
comments: false
6+
categories:
7+
- openc3-cosmos-tool-iframe
8+
advisory:
9+
gem: openc3-cosmos-tool-iframe
10+
cve: 2025-28384
11+
ghsa: p67j-387g-75wc
12+
url: https://github.com/advisories/GHSA-p67j-387g-75wc
13+
title: OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/
14+
endpoint
15+
date: 2025-06-13
16+
description: |
17+
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS
18+
6.0.0 allows attackers to execute a directory traversal.
19+
cvss_v3: 9.1
20+
unaffected_versions:
21+
- "< 6.0.0"
22+
notes: Never patched
23+
related:
24+
url:
25+
- https://nvd.nist.gov/vuln/detail/CVE-2025-28384
26+
- https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework
27+
- https://openc3.com
28+
- https://github.com/advisories/GHSA-p67j-387g-75wc
29+
---

0 commit comments

Comments
 (0)