
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-24786 is a critical path traversal vulnerability discovered in WhoDB, an open-source database management tool. The vulnerability was disclosed on February 6, 2025, affecting all versions prior to 0.45.0. While WhoDB is designed to only display SQLite3 databases within the /db directory, the lack of path traversal prevention allows an unauthenticated attacker to access any SQLite3 database present on the host machine (GitHub Advisory, NVD).
The vulnerability stems from improper limitation of a pathname to a restricted directory. WhoDB uses .Join() with the default directory to build the full path of the database file, but performs no validation to ensure the resolved file actually resides within the intended /db directory (or ./tmp in development mode). This oversight allows attackers to use path traversal sequences (../../) to navigate outside the intended directory. The vulnerability has received a CVSS v3.1 score of 10.0 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N, indicating its severe nature (Security Online, GitHub Advisory).
Exploiting this vulnerability allows unauthenticated attackers to gain unauthorized access to any SQLite3 database file present on the system. If WhoDB has write permissions for the database file, attackers can not only read but also modify the accessed databases. This could lead to exposure of confidential information such as user credentials, financial records, or other proprietary data (SecMaster).
The vulnerability has been patched in WhoDB version 0.45.0. Users are strongly advised to upgrade to this version or later. For cases where immediate upgrade is not possible, there are no effective workarounds other than temporarily disabling WhoDB. Organizations should also implement additional security measures such as network segmentation, access controls, and regular security audits (SecMaster).
Source: This report was generated using AI