ADVISORIES

• CVE-2025-28384 (NVD)
• GHSA-p67j-387g-75wc

GEM

openc3-cosmos-tool-iframe

SEVERITY

CVSS v3.x: 9.1 (Critical)

UNAFFECTED VERSIONS

• < 6.0.0

PATCHED VERSIONS

None.

DESCRIPTION

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2025-28384
• https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework
• https://openc3.com
• https://github.com/advisories/GHSA-p67j-387g-75wc