RubySec

Providing security resources for the Ruby community

CVE-2025-28384 (openc3-cosmos-tool-iframe): OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

GEM

openc3-cosmos-tool-iframe

SEVERITY

CVSS v3.x: 9.1 (Critical)

UNAFFECTED VERSIONS

  • < 6.0.0

PATCHED VERSIONS

None.

DESCRIPTION

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to perform directory traversal.
