CVE-2025-66410 · CRITICAL 9.1 · EPSS p38.6%

Description

Gin-vue-admin is a backstage management system based on Vue and Gin. In versions 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file or folder.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.6% · 2026-06-18T12:00:27Z
Published: 2025-12-01
Last modified: 2026-02-06

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/flipped-aurora/gin-vue-admin/commit/ee8d8d7e04d9c38a35a6969f20e75213e84f57c6
  2. https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-jrhg-82w2-vvj7

Type: Weakness
Target: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-10916
CVE-2025-65879
CVE-2025-63298
CVE-2025-69990
CVE-2025-3055
CVE-2025-61318

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.