VYPR

Atheos

by Atheos

CVEs (4)

  • CVE-2025-22152 Cri Jan 10, 2025
    risk 0.59 cvss 9.1 epss 0.01

    Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through…

  • CVE-2025-49008 Cri Jun 5, 2025
    risk 0.54 cvss epss 0.01

    Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and…

  • CVE-2025-47788 Cri May 15, 2025
    risk 0.54 cvss epss 0.00

    Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602…

  • CVE-2002-0244 May 29, 2002
    risk 0.03 cvss epss 0.03

    Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.