OpenAPI Specification Exposure in Directus API Management Tool
CVE-2025-53887
Currently unrated
What is CVE-2025-53887?
A vulnerability exists in the Directus API management tool where the exact version number is revealed through the OpenAPI Specification at the '/server/specs/oas' endpoint without requiring authentication. This exposure allows attackers to identify potential weaknesses in the Directus core and its dependencies tied to the specific version of the application in use. As a result, it enables malicious actors to exploit known vulnerabilities, posing a risk to databases and potentially compromising their integrity. The issue has been addressed in version 11.9.0, which mitigates this exposure.