OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint
Published: June 13, 2025
SECURITY IDENTIFIERS
- CVE: CVE-2025-28384 (NVD)
- GHSA: GHSA-p67j-387g-75wc
GEM
SEVERITY
CVSS v3.x: 9.1 (Critical)
UNAFFECTED VERSIONS
< 6.0.0
PATCHED VERSIONS
None available.
DESCRIPTION
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.