
CVE-2025-24786 Scanner

CVE-2025-24786 Scanner - Path Traversal vulnerability in WhoDB

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 23 hours
Scan only one: Domain, Subdomain, IPv4


WhoDB is a lightweight database manager used primarily to manage Sqlite3 databases, favored for its simplicity and ease of deployment. It is popular among developers and database administrators for local and small-scale applications, particularly where the overhead of a larger database system would be unnecessary. Its open-source nature makes it easy to customize and adapt to specific needs in a variety of environments. However, running it on default configurations without applying updates can leave vulnerabilities exposed across the networks it serves. It leverages Python scripts to interact with SQLite databases, which allows seamless integration into numerous software solutions used worldwide. Keeping the software version updated is therefore crucial to mitigating security risks.

A Path Traversal vulnerability allows attackers to gain unauthorized access to filesystem locations by manipulating file paths. In WhoDB, this vulnerability exists because the application does not adequately validate the path it is given when opening database files. The oversight allows unauthenticated attackers to walk through directories and potentially open sensitive database files. Such vulnerabilities may expose critical information contained in the files reached this way, putting data confidentiality at risk. It is rated high severity because it grants external access to a fundamental component of the host system. Resolving this vulnerability is essential for maintaining secure and resilient database management environments.

The Path Traversal vulnerability in WhoDB is triggered through the application's database filename input. By supplying paths such as "../etc/secret.db", attackers can traverse the server's directory structure and open Sqlite3 databases of their choosing. The vulnerable endpoint is the '/api/query' API, which the application exposes to interact with database files. Exploitation involves sending crafted POST requests to this endpoint, whose Hostname parameters (not specified further here) are used to carry the unauthorized file access request. The root cause is the application's failure to restrict or sanitize user-provided file paths, which allows illicit access to sensitive system data.
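The root cause described above is a path that is joined onto a data directory without checking that the result stays inside it. The following Go code is an added illustration written for this page; it is not WhoDB's own code and does not reproduce its API. The data directory "/var/lib/whodb/data" and the function names naiveDBPath and resolveDBPath are assumptions chosen for the example. naiveDBPath shows the weak pattern, and resolveDBPath shows the check a defender would put in front of the file open: reject absolute input, clean the path, and refuse anything that resolves outside the base directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the requested file would resolve outside
// the directory the application is allowed to open databases from.
var ErrOutsideBase = errors.New("database path escapes the allowed directory")

// naiveDBPath mirrors the weak pattern the advisory describes: the
// user-supplied name is joined onto the data directory with no check that
// the result is still inside it, so "../etc/secret.db" walks straight out.
// (Hypothetical helper for illustration, not WhoDB's code.)
func naiveDBPath(baseDir, userInput string) string {
	return filepath.Join(baseDir, userInput)
}

// resolveDBPath is the hardened version. It accepts only relative names,
// resolves them under baseDir, and refuses any result whose cleaned form is
// not strictly inside baseDir.
func resolveDBPath(baseDir, userInput string) (string, error) {
	if userInput == "" {
		return "", errors.New("empty database name")
	}
	if filepath.IsAbs(userInput) {
		return "", errors.New("absolute paths are not allowed")
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, userInput) // Join also collapses ".." segments

	// Rel reports where full sits relative to base: a result starting with
	// ".." has escaped, and "." means the caller asked for base itself.
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

func main() {
	base := "/var/lib/whodb/data" // assumed data directory for the example
	inputs := []string{"app.db", "sub/../app.db", "../etc/secret.db", "/etc/passwd"}
	for _, in := range inputs {
		p, err := resolveDBPath(base, in)
		fmt.Printf("%-20q naive=%-32s hardened=%q err=%v\n", in, naiveDBPath(base, in), p, err)
	}
}
```

The check works on the lexical path only. If the data directory can contain symlinks created by untrusted users, resolve the final path with filepath.EvalSymlinks before the same containment test, and open the file with the least-privileged account available so a bypass still cannot reach arbitrary system files.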

Exploitation of the Path Traversal vulnerability in WhoDB can lead to significant security breaches. A successful attacker may extract confidential information held in the database files, including sensitive user data, passwords, and other confidential records. Such unauthorized access not only contravenes privacy regulations but may also give the attacker leverage to move further into the network. This could lead to larger-scale attacks involving data exfiltration or corruption and, in turn, operational disruption. The impact is compounded where compromised configurations expose additional vulnerabilities, which makes immediate remediation all the more important.
