CVE-2025-66410 — Vulnetix

CVE-2025-66410 PUBLISHED CVSS 8.699999809265137 HIGH

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

EPSS 0.15% · 35.2th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.15%

35.2th percentile

Affected Products

Vendor	Product	Versions
flipped-aurora	gin-vue-admin	<= 2.8.6
github.com	flipped-aurora/gin-vue-admin	0
gin-vue-admin_project	gin-vue-admin	0

Timeline

Nov 28, 2025 CVE ID Reserved
Dec 1, 2025 CVE Published
Dec 2, 2025 EPSS Score
Dec 2, 2025 PoC Published
Dec 2, 2025 CVE Updated
Dec 6, 2025 EPSS Score
Dec 11, 2025 EPSS Score
Dec 15, 2025 EPSS Score
Dec 20, 2025 EPSS Score
Dec 24, 2025 EPSS Score
Dec 28, 2025 EPSS Score
Jan 2, 2026 EPSS Score

References

https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-jrhg-82w2-vvj7 url
https://github.com/flipped-aurora/gin-vue-admin/commit/ee8d8d7e04d9c38a35a6969f20e75213e84f57c6 url
https://nvd.nist.gov/vuln/detail/CVE-2025-66410 advisory
https://github.com/flipped-aurora/gin-vue-admin package

Open in Interactive Console →