High severityOSV Advisory· Published Nov 25, 2025· Updated Apr 15, 2026

CVE-2025-65952

Description

Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.

Affected products

Iidk The Actual/ConsoleOSV
Range: 2.0.1, 2.0.2, 2.0.3, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/iiDk-the-actual/Console/commit/4bcb1cf23ef78f8e6899dd6fe3afa3b24902e458nvd
github.com/iiDk-the-actual/Console/commit/e1005b8754594ad463ae58f8a99decda548b1826nvd
github.com/iiDk-the-actual/Console/security/advisories/GHSA-c3f7-xh45-2xc7nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000