RubySec

Providing security resources for the Ruby community

CVE-2025-28382 (openc3-cosmos-tool-iframe): OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint


GEM

openc3-cosmos-tool-iframe

SEVERITY

CVSS v3.x: 7.5 (High)

UNAFFECTED VERSIONS

  • < 6.0.0

PATCHED VERSIONS

None.

DESCRIPTION

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to perform directory traversal.
