CVE-2025-35430
Published
CVSS v3
5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
GitHub