CVE-2025-67488 — HIGH (7.8)

Q: How severe is CVE-2025-67488?

CVE-2025-67488 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-67488?

Check the references section above for vendor advisories and patch information. Affected products include: B3Log Siyuan.

Vulnerability Description

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, and can escalate to full code execution under some circumstances. A fix is planned for version 3.5.0.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
B3Log	Siyuan	< 3.5.0

Related Weaknesses (CWE)

CWE-22

References

https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6Product
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gqfv-g4v7-m366ExploitVendor Advisory

FAQ

What is CVE-2025-67488?

CVE-2025-67488 is a vulnerability with a CVSS score of 7.8 (HIGH). SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing a...

How severe is CVE-2025-67488?

CVE-2025-67488 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67488?

Check the references section above for vendor advisories and patch information. Affected products include: B3Log Siyuan.