{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T16:37:23.274","vulnerabilities":[{"cve":{"id":"CVE-2025-59049","sourceIdentifier":"security-advisories@github.com","published":"2025-09-10T19:15:42.500","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal and LFI, allowing an attacker to get any file in the mock server filesystem.\nThe issue may be particularly relevant in cloud hosted server instances. Version 9.2.0 fixes the issue."},{"lang":"es","value":"Mockoon proporciona una forma de diseñar y ejecutar APIs simuladas. Antes de la versión 9.2.0, una configuración de API simulada para el servicio de archivos estáticos sigue el mismo enfoque presentado en la página de documentación, donde el nombre de archivo del servidor se genera a través de características de plantillas a partir de la entrada del usuario es vulnerable a Salto de Ruta y LFI, permitiendo a un atacante obtener cualquier archivo en el sistema de archivos del servidor simulado. El problema puede ser particularmente relevante en instancias de servidor alojadas en la nube. La versión 9.2.0 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-24"},{"lang":"en","value":"CWE-73"}]}],"references":[{"url":"https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1400","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/blob/1ed31c4059d7f757f6cb2a43e10dc81b0d9c55a9/packages/commons-server/src/libs/server/server.ts#L1551","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/commit/c7f6e23e87dc3b8cc44e5802af046200a797bd2e","source":"security-advisories@github.com"},{"url":"https://github.com/mockoon/mockoon/security/advisories/GHSA-w7f9-wqc4-3wxr","source":"security-advisories@github.com"}]}}]}