How severe is CVE-2023-25168?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2023-25168?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2023-25168 - HIGH Severity | CVSS 8.2

Vulnerability Description

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2011-1408

HIGH

CVSS:8.2(High)

ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.

CWE-592011

CVE-2018-1630

HIGH

CVSS:8.2(High)

IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-F...

CWE-592018

CVE-2018-1631

HIGH

CVSS:8.2(High)

CWE-592018

CVE-2018-1632

HIGH

CVSS:8.2(High)

CWE-592018

CVE-2018-1633

HIGH

CVSS:8.2(High)

CWE-592018

CVE-2018-1634

HIGH

CVSS:8.2(High)

CWE-592018