CVE-2025-30353

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-200
View all →

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse. Version 11.5.0 fixes the issue.

Related Vulnerabilities

CVE-2015-7932

HIGH
CVSS:8.6(High)

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.

CWE-2002015

CVE-2015-7934

HIGH
CVSS:8.6(High)

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.

CWE-2002015

CVE-2015-8555

HIGH
CVSS:8.6(High)

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains t...

CWE-2002015

CVE-2016-0904

HIGH
CVSS:8.6(High)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to d...

CWE-2002016

CVE-2017-2317

HIGH
CVSS:8.6(High)

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause...

CWE-2002017

CVE-2018-16288

HIGH
CVSS:8.6(High)

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CWE-2002018