Open Source Software Supply Chain Vulnerability in Minder by Mindersec
CVE-2025-65109

8.5 HIGH

Key Information:

Vendor: Mindersec

Status
Vendor
CVE Published: 21 November 2025

What is CVE-2025-65109?

Minder is an open source software supply chain security platform. Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions 0.0.72 through 0.0.83 contain a vulnerability that allows users to fetch content in the context of the Minder server, potentially accessing URLs that should remain restricted. The issue has been resolved in the patched versions of Minder Helm and Go.

Affected Version(s)

minder Helm = 0.20241106.3386+ref.2507dbf

minder Go >= 0.0.72, < 0.0.84

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
