CVE Catalog

CVE-2025-34171

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile - higher than 42% of all known CVEs

Summary

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image and /v1/sys/debug endpoints can be abused to access files and disclose host OS, kernel, hardware, and storage details.

Risk Assessment

Disclosure of application configuration and system details can be used for reconnaissance, facilitating targeted follow-up attacks against services deployed on the host.

Recommendation

Immediately update CasaOS to a version newer than 0.4.15 that fixes this vulnerability. Until then, restrict access to the endpoints using a firewall or authentication.

Original NVD description (English source)

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS