CVE-2025-61035

Published: Oct 22, 2025Modified: Oct 27, 2025

7.7

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.5 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink checks, allowing local attackers to overwrite arbitrary files. This can result in information disclosure and denial of service.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (3)

https://github.com/nurisensoy/seffaflik

Source: cve@mitre.org

https://github.com/nurisensoy/seffaflik/issues/3

Source: cve@mitre.org

https://pypi.org/project/seffaflik/

Source: cve@mitre.org

Timeline

No history available yet.