CVE-2025-21609

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-21609

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21609.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-21609

Aliases

Downstream

SUSE-SU-2025:0060-1

openSUSE-SU-2025:14624-1

Related

Published

2025-01-03T16:26:36.420Z

Modified

2026-02-13T02:48:34.249198Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

SiYuan has an arbitrary file deletion vulnerability

Details

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

Database specific

{
    "cwe_ids": [
        "CWE-459",
        "CWE-552"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21609.json"
}

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21609.json"