Path Traversal Vulnerability in gooaclok819 sublinkX Product by Vendor
CVE-2025-6774

5.3MEDIUM

Key Information:

Vendor

Gooaclok819

Status
Sublinkx
Vendor
CVE Published:
27 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6774?

A path traversal vulnerability exists in the gooaclok819 sublinkX version up to 1.8, specifically affecting the AddTemp function within the api/template.go file. The design flaw allows remote attackers to manipulate the filename argument, potentially leading to unauthorized file access. This vulnerability has been publicly disclosed, and exploitation could lead to severe security breaches. Users are strongly advised to upgrade to version 1.9, where this issue has been mitigated with patch ID 778d26aef723daa58df98c8060c43f5bf5d1b10b.

Affected Version(s)

sublinkX 1.0

sublinkX 1.1

sublinkX 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6774 - Proof of Concept

References

https://vuldb.com/?id.314090
vdb-entrytechnical-description
https://vuldb.com/?ctiid.314090
signaturepermissions-required
https://vuldb.com/?submit.602369
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tritium (VulDB User)
.
CVE-2025-6774 : Path Traversal Vulnerability in gooaclok819 sublinkX Product by Vendor