CVE-2025-50184

Vulnerability Description

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

Related Weaknesses (CWE)

References

• https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e
• https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm

FAQ

What is CVE-2025-50184?

CVE-2025-50184 is a documented vulnerability. DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended...

How severe is CVE-2025-50184?

CVSS scoring is not yet available for CVE-2025-50184. Check NVD for updates.

Is there a patch for CVE-2025-50184?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.