CVE-2025-57802

HIGH EPSS 27.9%

Published Aug 25, 202510mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Aug 25, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

27.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-61

References 2

github.com https://github.com/airlinklabs/daemon/commit/5e6222dd9eec6d7cb0876b12507e3d6011797693
github.com https://github.com/airlinklabs/daemon/security/advisories/GHSA-hrfv-wm8p-mg8m

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.