QwikSec

Security Database

CVE

CWE

Training

CVE-2025-47788

Published: May 15, 2025

Modified: May 19, 2025

PUBLISHED

Description

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue.

Vendor	Product	Versions
Atheos	Atheos	affected `< 602`

Weaknesses (CWE)

References

https://github.com/Atheos/Atheos/security/advisories/GHSA-x9vw-6vfx-7rx5

x_refsource_CONFIRM

https://github.com/Atheos/Atheos/commit/97fe76871578d2011ebe9281f3a005c5df85162b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.