Vulnerability Details CVE-2025-58431
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows any user who has access to localhost to read files. File reads are performed as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 6.2
Products affected by CVE-2025-58431
- cpe:2.3:o:zimaspace:zimaos:-
- cpe:2.3:o:zimaspace:zimaos:0.4.8
- cpe:2.3:o:zimaspace:zimaos:0.4.8.1
- cpe:2.3:o:zimaspace:zimaos:0.4.9
- cpe:2.3:o:zimaspace:zimaos:0.4.9.1
- cpe:2.3:o:zimaspace:zimaos:0.4.9.2
- cpe:2.3:o:zimaspace:zimaos:0.4.9.3
- cpe:2.3:o:zimaspace:zimaos:0.4.9.4
- cpe:2.3:o:zimaspace:zimaos:0.5.0
- cpe:2.3:o:zimaspace:zimaos:1.0.0
- cpe:2.3:o:zimaspace:zimaos:1.1.0
- cpe:2.3:o:zimaspace:zimaos:1.2.2
- cpe:2.3:o:zimaspace:zimaos:1.2.3
- cpe:2.3:o:zimaspace:zimaos:1.2.4
- cpe:2.3:o:zimaspace:zimaos:1.2.5
- cpe:2.3:o:zimaspace:zimaos:1.3.0
- cpe:2.3:o:zimaspace:zimaos:1.3.0-1
- cpe:2.3:o:zimaspace:zimaos:1.3.0-2
- cpe:2.3:o:zimaspace:zimaos:1.3.1
- cpe:2.3:o:zimaspace:zimaos:1.3.1-1
- cpe:2.3:o:zimaspace:zimaos:1.3.2
- cpe:2.3:o:zimaspace:zimaos:1.3.2-1
- cpe:2.3:o:zimaspace:zimaos:1.3.3
- cpe:2.3:o:zimaspace:zimaos:1.4.0
- cpe:2.3:o:zimaspace:zimaos:1.4.1