ADVISORIES

• CVE-2025-28382 (NVD)
• GHSA-cf8v-5mrc-jv7f

GEM

openc3-cosmos-tool-iframe

SEVERITY

CVSS v3.x: 7.5 (High)

UNAFFECTED VERSIONS

• < 6.0.0

PATCHED VERSIONS

None.

DESCRIPTION

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2025-28382
• https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework
• https://openc3.com
• https://github.com/advisories/GHSA-cf8v-5mrc-jv7f