CVE-2025-20002

CVE-2025-20002

Name

CVE-2025-20002

Description

After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
ics-cert@hq.dhs.gov	https://github.com/GMOD/Apollo
ics-cert@hq.dhs.gov	https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

Type

URI

ics-cert@hq.dhs.gov

https://github.com/GMOD/Apollo

ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

CPE URI	Source package	Min version	Max version
	apollo	>= 0	< 2.8.0

CPE URI

Source package

Min version

Max version

apollo

>= 0

< 2.8.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
apollo	edge-community	0.3.1-r6	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r5	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r4	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r3	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r2	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r1	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.1-r0	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.0-r3	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.0-r2	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.0-r1	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.3.0-r0	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.2.3-r2	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.2.3-r1	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	edge-community	0.2.3-r0	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.23-community	0.3.1-r6	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.23-community	0.3.1-r5	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.22-community	0.3.0-r7	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.22-community	0.3.0-r6	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.22-community	0.3.0-r5	David Sugar <tychosoft@gmail.com>	possibly vulnerable
apollo	3.22-community	0.3.0-r4	David Sugar <tychosoft@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

apollo

edge-community

0.3.1-r6

David Sugar <tychosoft@gmail.com>

possibly vulnerable

apollo

edge-community