{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T01:14:44.846","vulnerabilities":[{"cve":{"id":"CVE-2026-25539","sourceIdentifier":"security-advisories@github.com","published":"2026-02-04T22:16:00.083","lastModified":"2026-02-11T19:10:21.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5."},{"lang":"es","value":"SiYuan es un sistema de gestión de conocimiento personal. Antes de la versión 3.5.5, el endpoint /api/file/copyFile no valida el parámetro dest, permitiendo a usuarios autenticados escribir archivos en ubicaciones arbitrarias en el sistema de archivos. Esto puede llevar a la Ejecución Remota de Código (RCE) al escribir en ubicaciones sensibles como trabajos cron, SSH authorized_keys o archivos de configuración de shell. \nEste problema ha sido parcheado en la versión 3.5.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b3log:siyuan:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.3","matchCriteriaId":"3141D3B1-ED56-4898-B115-8863570D1D63"}]}]}],"references":[{"url":"https://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd720feb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}