CVE-2025-68462

Summary

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

Affected Software

VendorProductVersion RangeStatus
DebianFreedomBox0 < 25.17.1affected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References