VDB

CVE-2025-21609

CVE-2025-21609 PUBLISHED CVSS 8.699999809265137 HIGH

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

EPSS 0.37% · 59.1th percentile

Risk Scores

CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.37%
59.1th percentile

Affected Products

VendorProductVersions
github.comsiyuan-note/siyuan/kernel0, 0
siyuan-notesiyuan= 3.1.18, = 3.1.18
b3logsiyuan3.1.18, 3.1.18

Timeline

  • Jan 21, 1970 Security Advisory
  • Jan 3, 2025 CVE Published
  • Jan 3, 2025 PoC Published
  • Jan 3, 2025 PoC Published
  • Jan 4, 2025 EPSS Score
  • Jan 20, 2025 EPSS Score
  • Feb 5, 2025 EPSS Score
  • Feb 8, 2025 Coalition ESS Score
  • Feb 21, 2025 EPSS Score
  • Mar 8, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›