Critical severityNVD Advisory· Published May 15, 2025· Updated Apr 15, 2026

CVE-2025-47788

Description

Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for the issue.

Patches

97fe76871578

https://github.com/atheos/atheosvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Atheos/Atheos/commit/97fe76871578d2011ebe9281f3a005c5df85162bnvd
github.com/Atheos/Atheos/security/advisories/GHSA-x9vw-6vfx-7rx5nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000