Path Traversal in Atheos
CVE-2025-47788
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary file…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.004 (33.1th percentile) — read the EPSS interpretation.
Affected products
- Atheos — versions < 602
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)