CVE-2025-24786

CVSS 3.1 Score 10 of 10 (high)

Details

Published Feb 6, 2025
CWE ID 22
CWE ID 35

Summary

CVE-2025-24786 is a vulnerability affecting WhoDB, an open-source database management tool. The issue is a lack of path traversal prevention, which enables unauthenticated attackers to open any Sqlite3 database present on the host machine. Although the application only lists databases in the default directory "/db", an attacker can manipulate the user-controlled database file value and use it to open databases located outside that directory. This vulnerability, which has no known workarounds, has been addressed in WhoDB version 0.45.0. All users are advised to upgrade as soon as possible.
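As an added illustration (not WhoDB's own code), the kind of containment check this class of bug needs, in Go: the user-supplied database file name is resolved under the "/db" base directory and rejected whenever the result escapes it. The function names and the naive variant shown for contrast are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the requested file would resolve outside
// the allowed database directory.
var ErrOutsideBase = errors.New("database path escapes the allowed directory")

// unsafeDatabasePath is a hypothetical sketch of the weak pattern: the
// user-controlled value is joined onto the base directory with no containment
// check, so ".." segments walk out of it. Not WhoDB's actual code.
func unsafeDatabasePath(baseDir, userFile string) string {
	return filepath.Join(baseDir, userFile)
}

// safeDatabasePath resolves userFile under baseDir and refuses any result that
// is not strictly inside baseDir. filepath.Join cleans the joined path (so a
// leading "/" in userFile is treated as relative and ".." is collapsed), and
// the filepath.Rel check then rejects anything that still points outside.
// Note: this is a lexical check; if baseDir may contain symlinks, resolve the
// final path with filepath.EvalSymlinks and repeat the check before opening it.
func safeDatabasePath(baseDir, userFile string) (string, error) {
	base := filepath.Clean(baseDir)
	target := filepath.Join(base, userFile)
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", ErrOutsideBase
	}
	// "." means the caller named the directory itself, not a file in it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

func main() {
	// Constructed inputs: one legitimate file name, one traversal attempt.
	for _, name := range []string{"users.db", "../outside/other.db"} {
		p, err := safeDatabasePath("/db", name)
		fmt.Printf("%q -> %q, err=%v (unsafe join would give %q)\n",
			name, p, err, unsafeDatabasePath("/db", name))
	}
}
```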
