Path Traversal in Atheos

CVE-2025-47788

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary file…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (33.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References