VYPR
High severityOSV Advisory· Published Jul 26, 2025· Updated Apr 15, 2026

CVE-2025-50184

CVE-2025-50184

Description

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Dbgate/DbgateOSV2 versions
    list, packages-api-v1.0.6, packages-api-v1.0.7, …+ 1 more
    • (no CPE)range: list, packages-api-v1.0.6, packages-api-v1.0.7, …
    • (no CPE)range: <=6.4.3-premium-beta.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.