QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-58431

Back to search

CVE-2025-58431

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT.

VendorProductVersions

IceWhaleTech

ZimaOS

affected
<= 1.4.1

Weaknesses (CWE)

CWE-250

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now