CVE-2025-67487 — HIGH (8.6)

Q: How severe is CVE-2025-67487?

CVE-2025-67487 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-67487?

Check the references section above for vendor advisories and patch information. Affected products include: Static-Web-Server Static Web Server.

Vulnerability Description

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they could create symlinks to access other files outside the designated web root folder either by URL or via the directory listing. This issue is fixed in version 2.40.1.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Static-Web-Server	Static Web Server	<= 2.40.0

Related Weaknesses (CWE)

CWE-59 CWE-61

References

FAQ

What is CVE-2025-67487?

CVE-2025-67487 is a vulnerability with a CVSS score of 8.6 (HIGH). Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or direc...

How severe is CVE-2025-67487?

CVE-2025-67487 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67487?

Check the references section above for vendor advisories and patch information. Affected products include: Static-Web-Server Static Web Server.