CVE-2025-54118

{"id": "CVE-2025-54118", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-08-18T16:15:29.353", "references": [{"url": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4."}, {"lang": "es", "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. La divulgaci\u00f3n de informaci\u00f3n confidencial en NamelessMC anterior a la versi\u00f3n 2.2.4 permite que un atacante remoto no autenticado obtenga informaci\u00f3n confidencial, como la ruta absoluta del c\u00f3digo fuente, mediante el par\u00e1metro de lista. Esta vulnerabilidad se corrige en la versi\u00f3n 2.2.4."}], "lastModified": "2025-08-20T21:23:34.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FE24BDD-51F8-4096-A5E5-3394EA4EE64E", "versionEndExcluding": "2.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}