Vulnerability in Static-web-server

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root fo…

EPSS: 0.003 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-67487?
CVE-2025-67487 is a high-severity vulnerability in Static-web-server, classified under UNIX Symbolic Link (Symlink) Following. CVSS score: 8.6/10. Published 2025-12-09.
How severe is CVE-2025-67487?
High severity. CVSS v3 base score is 8.6 out of 10.