Sensitive Data Exposure in Django Helpdesk Product
CVE-2018-25111

Currently unrated

Key Information:

Vendor: Django Helpdesk
Status: Django Helpdesk
Vendor: CVE Published:; 31 May 2025

🔔 Create Django Helpdesk Vulnerability Alert

What is CVE-2018-25111?

The Django Helpdesk product prior to version 1.0.0 contains a vulnerability that allows for sensitive data exposure due to improper setting of file permissions enabled by os.umask(0) in models.py. This can lead to unintentional disclosure of sensitive user data, making it essential for users to update to the latest version to secure their information.

References

https://github.com/django-helpdesk/django-helpdesk/issues...

https://github.com/django-helpdesk/django-helpdesk/pull/1120

https://github.com/django-helpdesk/django-helpdesk/releas...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2025