CVE-2025-28382

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-28382

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-28382.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-28382

Aliases

GHSA-cf8v-5mrc-jv7f

Published

2025-06-13T14:15:20.440Z

Modified

2025-11-16T15:26:08.526860Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

References

Affected packages

Git / github.com/openc3/cosmos

Affected ranges

Type: GIT
Repo: https://github.com/openc3/cosmos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

165b29b9cdf33b7676cb3da80bf123937c09b8bc

Fixed

fc7e11310a7cdf9f1939886e1b29009db4d4b718

Affected versions

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.9.0

v3.9.1

v3.9.2

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.1

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.3.0

v4.4.0

v4.4.1

v4.4.2

v4.5.0

v5.*

v5.0.0

v5.0.0-alpha.1

v5.0.0-beta.1

v5.0.0.beta2

v5.0.1

v5.0.10

v5.0.11

v5.0.2

v5.0.2-beta2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.10.0

v5.10.1

v5.11.0

v5.11.1

v5.11.2

v5.11.3

v5.12.0

v5.13.0

v5.14.0

v5.14.1

v5.14.2

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.16.1

v5.16.2

v5.17.0

v5.17.1

v5.18.0

v5.19.0

v5.2.0

v5.20.0

v5.3.0

v5.4.0

v5.4.1

v5.4.2

v5.4.3-beta0

v5.5.0

v5.5.0-beta0

v5.5.1

v5.5.2

v5.5.2-beta0

v5.6.0

v5.6.1

v5.7.0

v5.7.2

v5.8.0

v5.8.1

v5.9.0

v5.9.1

v6.*

v6.0.0

v6.0.1

v6.0.2