QwikSec

Security Database

CVE

CWE

Training

CVE-2025-48935

Published: Jun 4, 2025

Modified: Jun 4, 2025

PUBLISHED

Description

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.

Vendor	Product	Versions
denoland	deno	affected `>= 2.2.0, < 2.2.5`

Weaknesses (CWE)

References

https://github.com/denoland/deno/security/advisories/GHSA-8vxj-4cph-c596

x_refsource_CONFIRM

https://github.com/denoland/deno/commit/31a97803995bd94629528ba841b2418d3ca01860

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2025-48935 - Security Vulnerability | QwikSec