CVE-2025-66410

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66410
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66410.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66410
Aliases
Published
2025-12-01T22:28:59.982Z
Modified
2025-12-02T19:41:09.558703Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Gin-vue-admin has an arbitrary file deletion vulnerability
Details

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

Database specific 
{
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/flipped-aurora/gin-vue-admin

Affected ranges

Type
GIT
Repo
https://github.com/flipped-aurora/gin-vue-admin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d3e7b5b7af432cd6fee3c30e91960e6d20fe52a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.6"
        }
    ]
}

Affected versions

V2.*

V2.3.1
V2.3.7
V2.4.4
V2.5.0b

v.*

v.2.3.41

v0.*

v0.9.0

v2.*

v2.0.0
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.2.0
v2.3.0
v2.3.3
v2.3.31
v2.3.4
v2.3.5
v2.3.6
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.4-1
v2.4.5
v2.4.5Beta
v2.4.5RC
v2.4.6
v2.5.0
v2.5.0a
v2.5.1
v2.5.1b
v2.5.2
v2.5.3
v2.5.3b
v2.5.3beta
v2.5.4
v2.5.5
v2.5.6
v2.5.6-a
v2.5.7
v2.5.7-a
v2.5.8
v2.5.9
v2.5.9a
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.4-a
v2.6.5
v2.6.6
v2.6.7
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.2-a
v2.8.3
v2.8.4
v2.8.5
v2.8.6