{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25206", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-03T19:30:53.401Z", "datePublished": "2025-02-14T16:47:04.660Z", "dateUpdated": "2025-02-14T17:28:44.566Z"}, "containers": {"cna": {"title": "Incorrect input validation could allow an authenticated user to read sensitive information", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-qffc-rfjh-77gg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-qffc-rfjh-77gg"}, {"name": "https://github.com/elabftw/elabftw/releases/tag/5.1.15", "tags": ["x_refsource_MISC"], "url": "https://github.com/elabftw/elabftw/releases/tag/5.1.15"}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"version": "< 5.1.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-14T16:47:04.660Z"}, "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available."}], "source": {"advisory": "GHSA-qffc-rfjh-77gg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-14T17:26:47.510895Z", "id": "CVE-2025-25206", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T17:28:44.566Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-14T17:26:47.510895Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-14T17:27:30.508Z"}}], "cna": {"title": "Incorrect input validation could allow an authenticated user to read sensitive information", "source": {"advisory": "GHSA-qffc-rfjh-77gg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "elabftw", "product": "elabftw", "versions": [{"status": "affected", "version": "< 5.1.15"}]}], "references": [{"url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-qffc-rfjh-77gg", "name": "https://github.com/elabftw/elabftw/security/advisories/GHSA-qffc-rfjh-77gg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/elabftw/elabftw/releases/tag/5.1.15", "name": "https://github.com/elabftw/elabftw/releases/tag/5.1.15", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-02-14T16:47:04.660Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25206", "state": "PUBLISHED", "dateUpdated": "2025-02-14T17:28:44.566Z", "dateReserved": "2025-02-03T19:30:53.401Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-02-14T16:47:04.660Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*", "matchCriteriaId": "A071E270-6F23-4661-B29D-822485E1BA89", "versionEndExcluding": "5.1.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available."}, {"lang": "es", "value": "eLabFTW es un cuaderno de laboratorio electr\u00f3nico de c\u00f3digo abierto para laboratorios de investigaci\u00f3n. Antes de la versi\u00f3n 5.1.15, una validaci\u00f3n de entrada incorrecta pod\u00eda permitir que un usuario autenticado leyera informaci\u00f3n confidencial, incluido el token de inicio de sesi\u00f3n u otro contenido almacenado en la base de datos. Esto pod\u00eda provocar una escalada de privilegios si se habilitaban las cookies (configuraci\u00f3n predeterminada). Los usuarios deben actualizar a la versi\u00f3n 5.1.15 de eLabFTW para recibir una soluci\u00f3n. No se conocen workarounds."}], "id": "CVE-2025-25206", "lastModified": "2025-08-18T18:23:58.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-14T17:15:19.327", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/elabftw/elabftw/releases/tag/5.1.15"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-qffc-rfjh-77gg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"created": "2025-07-12T15:26:13.416759+00:00", "updated": "2025-07-12T15:26:13.416808+00:00", "vendors": ["elabftw", "elabftw$PRODUCT$elabftw"]}