QwikSec

Security Database

CVE

CWE

Training

CVE-2025-65952

Published: Nov 25, 2025

Modified: Nov 26, 2025

PUBLISHED

Description

Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.

Vendor	Product	Versions
iiDk-the-actual	Console	affected `< 2.8.0`

Weaknesses (CWE)

References

https://github.com/iiDk-the-actual/Console/security/advisories/GHSA-c3f7-xh45-2xc7

x_refsource_CONFIRM

https://github.com/iiDk-the-actual/Console/commit/4bcb1cf23ef78f8e6899dd6fe3afa3b24902e458

x_refsource_MISC

https://github.com/iiDk-the-actual/Console/commit/e1005b8754594ad463ae58f8a99decda548b1826

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.