Vulnerability Description
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icewhale | Casaos | <= 0.4.15 |
Related Weaknesses (CWE)
References
- https://casaos.zimaspace.com/Product
- https://github.com/IceWhaleTech/CasaOSProduct
- https://www.vulncheck.com/advisories/casaos-unauthenticated-file-and-debug-data-Third Party Advisory
FAQ
What is CVE-2025-34171?
CVE-2025-34171 is a vulnerability with a CVSS score of 5.3 (MEDIUM). CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/i...
How severe is CVE-2025-34171?
CVE-2025-34171 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-34171?
Check the references section above for vendor advisories and patch information. Affected products include: Icewhale Casaos.