What is CVE-2025-24787?

CVE-2025-24787 is a high-severity vulnerability in Clidey Whodb, classified under Improper Neutralization of Special Elements in Data Query Logic. CVSS score: 8.6/10. Published 2025-02-06.

How severe is CVE-2025-24787?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Clidey Whodb

CVE-2025-24787

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is runn…

EPSS: 0.002 (39.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Clidey Whodb — versions < 0.45.0

Weakness classification (CWE)

CWE-943 — Improper Neutralization of Special Elements in Data Query Logic

References

https://github.com/clidey/whodb/security/advisories/GHSA-c7w4-9wv8-7x7c (x_refsource_CONFIRM)
https://github.com/go-sql-driver/mysql/blob/7403860363ca112af503b4612568c3096fecb466/infile.go#L128 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-24787?: CVE-2025-24787 is a high-severity vulnerability in Clidey Whodb, classified under Improper Neutralization of Special Elements in Data Query Logic. CVSS score: 8.6/10. Published 2025-02-06.
How severe is CVE-2025-24787?: High severity. CVSS v3 base score is 8.6 out of 10.