First published: Thu Jan 23 2025
Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
Credit: 9119a7d8-5eab-497f-8521-727c672e3725
Affected Software | Affected Version | How to fix |
---|---|---|
Fedora Repository | <3.8.1 | |
CVE-2025-23012 has been classified as a high severity vulnerability due to its exploitation potential through default credentials.
To fix CVE-2025-23012, you should migrate to a currently supported version of Fedora Repository, as version 3.8.1 is no longer maintained.
The risks associated with CVE-2025-23012 include unauthorized access to local files through manipulation of datastreams.
CVE-2025-23012 affects Fedora Repository version 3.8.x up to and including 3.8.1.
No, there is no patch available for CVE-2025-23012 since Fedora Repository 3.8.1 is no longer maintained.