CVE-2025-46619

Published: Apr 30, 2025Modified: May 13, 2025

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Exploitability: 2.8 / Impact: 4.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow.

Affected (2)

Products: Couchbase: Couchbase Server

1 product

Couchbase Server

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	From 2.0.0 to 7.2.7
Couchbase Couchbase Server	From 7.6.0 to 7.6.4

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: cve@mitre.org

Release Notes

https://forums.couchbase.com/tags/security

Source: cve@mitre.org

Vendor Advisory

https://www.couchbase.com/alerts/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.