Security Advisory

CVE-2025-22240

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-13 07:03:35

Last updated 2025-06-13 13:42:42

Assigner vmware

State PUBLISHED

Description

Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Masters process has permissions to.

← Browse all CVEs View on cve.org ↗