Project Subscriptions
No data.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-25728 | Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 25 Aug 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1. | |
| Title | Airlink's Daemon Symlink Vulnerability | |
| Weaknesses | CWE-61 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-25T17:52:01.098Z
Reserved: 2025-08-20T14:30:35.009Z
Link: CVE-2025-57802
Updated: 2025-08-25T17:51:49.344Z
Status : Awaiting Analysis
Published: 2025-08-25T18:15:30.913
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-57802
No data.
OpenCVE Enrichment
No data.
EUVD