Moderate severityOSV Advisory· Published Dec 23, 2025· Updated Dec 23, 2025
CVE-2025-65713
CVE-2025-65713
Description
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
homeassistantPyPI | < 2025.8.0 | 2025.8.0 |
Affected products
1- Range: 0.103.0, 0.103.0b0, 0.103.0b1, …
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-pp3g-xmm4-5cw9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-65713ghsaADVISORY
- gist.github.com/GenoWang/7359360285e0fe21a7a58d10ff71d032ghsaWEB
- github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/components/downloader/services.pyghsaWEB
- github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.pyghsaWEB
- github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.pyghsaWEB
- github.com/home-assistant/core/pull/150046ghsaWEB
News mentions
0No linked articles in our index yet.