DEBIAN-CVE-2025-68462

Source
https://security-tracker.debian.org/tracker/CVE-2025-68462
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68462.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-68462
Upstream
  • CVE-2025-68462
Published
2025-12-18T06:15:50.007Z
Modified
2026-01-10T14:08:09.425478Z
Severity
  • 3.2 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
[none]
Details

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

References

Affected packages

Debian:11 / freedombox

Package

Name
freedombox
Purl
pkg:deb/debian/freedombox?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

21.*

21.4.4
21.5
21.6
21.7~bpo11+1
21.7
21.8~bpo11+1
21.8
21.9~bpo11+1
21.9
21.10~bpo11+1
21.10
21.11~bpo11+1
21.11
21.12~bpo11+1
21.12
21.13
21.14
21.14.1~bpo11+1
21.14.1
21.15~bpo11+1
21.15
21.16~bpo11+1
21.16

22.*

22.1
22.2~bpo11+1
22.2
22.3~bpo11+1
22.3
22.4~bpo11+1
22.4
22.5~bpo11+1
22.5
22.6
22.6.1~bpo11+1
22.6.1
22.7~bpo11+1
22.7
22.8~bpo11+1
22.8
22.9~bpo11+1
22.9
22.10~bpo11+1
22.10
22.11~bpo11+1
22.11
22.12~bpo11+1
22.12
22.13~bpo11+1
22.13
22.14~bpo11+1
22.14
22.14.1~bpo11+1
22.14.1
22.15~bpo11+1
22.15
22.16
22.17
22.18
22.19~bpo11+1
22.19
22.20~bpo11+1
22.20
22.21
22.21.1~bpo11+1
22.21.1
22.22
22.22.1~bpo11+1
22.22.1
22.23~bpo11+1
22.23
22.24~bpo11+1
22.24
22.26~bpo11+1
22.26
22.27~bpo11+1
22.27

23.*

23.1~bpo11+1
23.1
23.2~bpo11+1
23.2
23.3~bpo11+1
23.3
23.4~bpo11+1
23.4
23.5~bpo11+1
23.5
23.6~bpo11+1
23.6
23.6.1~bpo11+1
23.6.1
23.6.2~bpo11+1
23.6.2
23.7
23.8
23.9
23.10
23.11
23.12~bpo12+1
23.12
23.13~bpo12+1
23.13
23.14~bpo12+1
23.14
23.15~bpo12+1
23.15
23.16~bpo12+1
23.16
23.17~bpo12+1
23.17
23.18~bpo12+1
23.18
23.19~bpo12+1
23.19
23.20~bpo12+1
23.20
23.21~bpo12+1
23.21

24.*

24.1~bpo12+1
24.1
24.2~bpo12+1
24.2
24.3~bpo12+1
24.3
24.4~bpo12+1
24.4
24.5~bpo12+1
24.5
24.6
24.7~bpo12+1
24.7
24.8~bpo12+1
24.8
24.9~bpo12+1
24.9
24.10~bpo12+1
24.10
24.11~bpo12+1
24.11
24.12~bpo12+1
24.12
24.13~bpo12+1
24.13
24.14~bpo12+1
24.14
24.15~bpo12+1
24.15
24.16~bpo12+1
24.16
24.17~bpo12+1
24.17
24.18~bpo12+1
24.18
24.19
24.20
24.20.1~bpo12+1
24.20.1
24.21~bpo12+1
24.21
24.22~bpo12+1
24.22
24.23~bpo12+1
24.23
24.24~bpo12+1
24.24
24.25~bpo12+1
24.25
24.26
24.26.1~bpo12+1
24.26.1

25.*

25.1~bpo12+1
25.1
25.2
25.3
25.3.1~bpo12+1
25.3.1
25.4
25.4.1~bpo12+1
25.4.1
25.5~bpo12+1
25.5
25.6~bpo12+1
25.6
25.7~bpo12+1
25.7
25.8~bpo12+1
25.8
25.9~bpo12+1
25.9
25.9.1~bpo12+1
25.9.1
25.9.2~bpo12+1
25.9.2
25.9.3~bpo12+1
25.9.3~bpo12+2
25.9.3
25.9.4
25.10~bpo13+1
25.10
25.11~bpo13+1
25.11
25.12~bpo13+1
25.12
25.13~bpo13+1
25.13
25.13.1~bpo13+1
25.13.1
25.14~bpo13+1
25.14
25.15~bpo13+1
25.15
25.16~bpo13+1
25.16
25.17~bpo13+1
25.17
25.17.1~bpo13+1
25.17.1

26.*

26.1~bpo13+1
26.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68462.json"

Debian:12 / freedombox

Package

Name
freedombox
Purl
pkg:deb/debian/freedombox?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

23.*

23.6.2
23.6.2+deb12u1
23.7
23.8
23.9
23.10
23.11
23.12~bpo12+1
23.12
23.13~bpo12+1
23.13
23.14~bpo12+1
23.14
23.15~bpo12+1
23.15
23.16~bpo12+1
23.16
23.17~bpo12+1
23.17
23.18~bpo12+1
23.18
23.19~bpo12+1
23.19
23.20~bpo12+1
23.20
23.21~bpo12+1
23.21

24.*

24.1~bpo12+1
24.1
24.2~bpo12+1
24.2
24.3~bpo12+1
24.3
24.4~bpo12+1
24.4
24.5~bpo12+1
24.5
24.6
24.7~bpo12+1
24.7
24.8~bpo12+1
24.8
24.9~bpo12+1
24.9
24.10~bpo12+1
24.10
24.11~bpo12+1
24.11
24.12~bpo12+1
24.12
24.13~bpo12+1
24.13
24.14~bpo12+1
24.14
24.15~bpo12+1
24.15
24.16~bpo12+1
24.16
24.17~bpo12+1
24.17
24.18~bpo12+1
24.18
24.19
24.20
24.20.1~bpo12+1
24.20.1
24.21~bpo12+1
24.21
24.22~bpo12+1
24.22
24.23~bpo12+1
24.23
24.24~bpo12+1
24.24
24.25~bpo12+1
24.25
24.26
24.26.1~bpo12+1
24.26.1

25.*

25.1~bpo12+1
25.1
25.2
25.3
25.3.1~bpo12+1
25.3.1
25.4
25.4.1~bpo12+1
25.4.1
25.5~bpo12+1
25.5
25.6~bpo12+1
25.6
25.7~bpo12+1
25.7
25.8~bpo12+1
25.8
25.9~bpo12+1
25.9
25.9.1~bpo12+1
25.9.1
25.9.2~bpo12+1
25.9.2
25.9.3~bpo12+1
25.9.3~bpo12+2
25.9.3
25.9.4
25.10~bpo13+1
25.10
25.11~bpo13+1
25.11
25.12~bpo13+1
25.12
25.13~bpo13+1
25.13
25.13.1~bpo13+1
25.13.1
25.14~bpo13+1
25.14
25.15~bpo13+1
25.15
25.16~bpo13+1
25.16
25.17~bpo13+1
25.17
25.17.1~bpo13+1
25.17.1

26.*

26.1~bpo13+1
26.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68462.json"

Debian:13 / freedombox

Package

Name
freedombox
Purl
pkg:deb/debian/freedombox?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.9.3+deb13u1

Affected versions

25.*

25.9.3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68462.json"

Debian:14 / freedombox

Package

Name
freedombox
Purl
pkg:deb/debian/freedombox?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
25.17.1

Affected versions

25.*

25.9.3
25.9.4
25.10~bpo13+1
25.10
25.11~bpo13+1
25.11
25.12~bpo13+1
25.12
25.13~bpo13+1
25.13
25.13.1~bpo13+1
25.13.1
25.14~bpo13+1
25.14
25.15~bpo13+1
25.15
25.16~bpo13+1
25.16
25.17~bpo13+1
25.17
25.17.1~bpo13+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-68462.json"