- Description
- Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
#Vulnerability #Atheos CVE-2025-22152 (CVSS 9.4): Severe Vulnerabilities Found in Atheos Web-Based IDE https://t.co/2ha018FHmd
@Komodosec
4 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Atheos IDE の脆弱性 CVE-2025-22152 (CVSS 9.4) が FIX:RCE などの可能性 https://t.co/DRFYD0UXLS Atheos IDE の脆弱性が FIX しました。ご利用のチームは、アップデートを ご検討ください。このブログでは、初登場の Atheos なので、GitHub… https://t.co/Hr2HPrTBKJ
@iototsecnews
21 Jan 2025
115 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-22152 - https://t.co/oU5RPxtLm7 #OSINT #ThreatIntel #CyberSecurity #cve_2025_22152
@RedPacketSec
11 Jan 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22152 Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an at… https://t.co/aShz4Rfjkc
@CVEnew
10 Jan 2025
313 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes