Vulnerability in Static-web-server
CVE-2025-67487
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root fo…
EPSS: 0.003 (26.7th percentile).
CVSS v3 metric
CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Static-web-server — versions < 2.40.1
- Static-web-server Static_web_server
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-67487?
  CVE-2025-67487 is a high-severity vulnerability in Static-web-server, classified under UNIX Symbolic Link (Symlink) Following. CVSS score: 8.6/10. Published 2025-12-09.
- How severe is CVE-2025-67487?
  High severity. CVSS v3 base score is 8.6 out of 10.