{"id":"CVE-2025-67488","summary":"SiYuan: ZipSlip -\u003e Arbitrary File Overwrite -\u003e RCE","details":"SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, and can escalate to full code execution under some circumstances. A fix is planned for version 3.5.0.","aliases":["GHSA-gqfv-g4v7-m366","GO-2025-4221"],"modified":"2026-04-10T04:16:25.340315Z","published":"2025-12-09T20:32:37.274Z","related":["SUSE-SU-2026:0037-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67488.json","cna_assigner":"GitHub_M","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"0.0.0-20251202123337-6ef83b42c7ce"}]}],"cwe_ids":["CWE-22"]},"references":[{"type":"WEB","url":"https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67488.json"},{"type":"ADVISORY","url":"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gqfv-g4v7-m366"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67488"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/siyuan-note/siyuan","events":[{"introduced":"0"},{"fixed":"7217c666361bae77ea83d1ee4237bcb4af55565f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.5.0"}]}}],"versions":["dev2.0.17-2","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.1-x2","v0.4.2","v0.4.3","v0.4.3-x1","v0.4.32","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.4.91","v0.4.92","v0.4.93","v0.4.94","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.5.41","v0.5.42","v0.5.43","v0.5.44","v0.5.45","v0.5.46","v0.5.5","v0.5.6","v0.5.6-alpha1","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.8","v0.7.0","v0.7.1","v0.7.5","v0.7.8","v0.8.0","v0.8.5","v0.9.0","v0.9.2","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.81","v1.1.82","v1.1.83","v1.2.0","v1.2.0-beta1","v1.2.0-beta10","v1.2.0-beta11","v1.2.0-beta12","v1.2.0-beta13","v1.2.0-beta14","v1.2.0-beta15","v1.2.0-beta16","v1.2.0-beta2","v1.2.0-beta3","v1.2.0-beta4","v1.2.0-beta5","v1.2.0-beta6","v1.2.0-beta7","v1.2.0-beta8","v1.2.0-beta9","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.2.1","v1.2.2","v1.2.3","v1.2.31","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4.8","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.5","v1.5.5-beta1","v1.5.5-beta2","v1.5.5-beta3","v1.5.6","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.7.0","v1.7.1","v1.7.10","v1.7.11","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.8.1","v1.8.2","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9","v2.0.0","v2.0.0-beta1","v2.0.0-beta2","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.2","v2.0.20","v2.0.21","v2.0.21-dev1","v2.0.22","v2.0.23","v2.0.24","v2.0.25","v2.0.26","v2.0.26-dev1","v2.0.26-dev2","v2.0.27","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.2","v2.1.3","v2.1.3-dev1","v2.1.4","v2.1.5","v2.1.6","v2.1.6-dev1","v2.1.7","v2.1.8","v2.1.8-dev1","v2.1.9","v2.10.0","v2.10.1","v2.10.1-dev1","v2.10.10","v2.10.11","v2.10.11-dev2","v2.10.12","v2.10.12-dev1","v2.10.13","v2.10.13-dev1","v2.10.13-dev5","v2.10.14","v2.10.14-dev1","v2.10.14-dev2","v2.10.15","v2.10.15-dev1","v2.10.16","v2.10.16-dev2","v2.10.2","v2.10.3","v2.10.3-dev1","v2.10.3-dev2","v2.10.3-dev3","v2.10.4","v2.10.4-dev1","v2.10.5","v2.10.5-dev1","v2.10.5-dev2","v2.10.6","v2.10.6-dev1","v2.10.6-dev2","v2.10.6-dev3","v2.10.6-dev4","v2.10.8","v2.10.8-dev1","v2.10.8-dev2","v2.10.8-dev3","v2.10.9","v2.10.9-dev3","v2.11.0","v2.11.0-dev2","v2.11.1","v2.11.1-dev1","v2.11.2","v2.11.2-dev1","v2.11.2-dev2","v2.11.2-dev3","v2.11.2-dev4","v2.11.2-dev5","v2.11.3","v2.11.3-dev1","v2.11.3-dev2","v2.11.4","v2.11.4-dev2","v2.11.4-dev4","v2.11.4-dev5","v2.11.4-dev6","v2.12.0","v2.12.0-dev1","v2.12.1","v2.12.1-dev3","v2.12.2","v2.12.3","v2.12.3-dev2","v2.12.4","v2.12.4-dev2","v2.12.5","v2.12.6","v2.12.7","v2.12.7-dev1","v2.12.7-dev2","v2.12.8","v2.12.8-dev2","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.4.0","v2.4.1","v2.4.10","v2.4.11","v2.4.12","v2.4.12-dev2","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.4.9","v2.5.0","v2.5.0-dev1","v2.5.0-dev2","v2.5.1","v2.5.1-dev1","v2.5.1-dev2","v2.5.2","v2.5.2-dev2","v2.5.3","v2.5.3-dev2","v2.5.4","v2.5.4-dev1","v2.5.5","v2.5.5-dev1","v2.6.0","v2.6.0-dev1","v2.6.0-dev2","v2.6.0-dev3","v2.6.1","v2.6.1-dev3","v2.6.1-dev4","v2.6.1-dev5","v2.6.1-dev6","v2.6.1-dev7","v2.6.2","v2.6.3","v2.6.3-dev1","v2.6.3-dev2","v2.6.3-dev3","v2.6.3-dev4","v2.6.3-dev6","v2.7.0","v2.7.1","v2.7.1-dev1","v2.7.1-dev5","v2.7.10","v2.7.2","v2.7.2-dev1","v2.7.2-dev2","v2.7.2-dev3","v2.7.3","v2.7.3-dev3","v2.7.3-dev4","v2.7.4","v2.7.4-dev1","v2.7.5","v2.7.5-dev2","v2.7.6","v2.7.6-dev3","v2.7.6-dev4","v2.7.7","v2.7.7-dev1","v2.7.7-dev2","v2.7.7-dev3","v2.7.7-dev4","v2.7.8","v2.7.8-dev1","v2.7.9","v2.7.9-dev1","v2.7.9-dev2","v2.8.0","v2.8.0-dev1","v2.8.1-dev1","v2.8.1-dev2","v2.8.1-dev3","v2.8.10","v2.8.3","v2.8.3-dev1","v2.8.4","v2.8.4-dev2","v2.8.5","v2.8.5-dev1","v2.8.5-dev2","v2.8.5-dev3","v2.8.6","v2.8.6-dev1","v2.8.6-dev2","v2.8.6-dev4","v2.8.7","v2.8.7-dev2","v2.8.7-dev3","v2.8.7-dev5","v2.8.8","v2.8.8-dev1","v2.8.8-dev3","v2.8.9","v2.8.9-dev2","v2.8.9-dev3","v2.9.0","v2.9.0-dev1","v2.9.1","v2.9.1-dev1","v2.9.1-dev2","v2.9.2","v2.9.2-dev2","v2.9.2-dev3","v2.9.3","v2.9.3-dev1","v2.9.3-dev3","v2.9.4","v2.9.4-dev2","v2.9.5","v2.9.5-dev2","v2.9.6","v2.9.6-dev1","v2.9.7","v2.9.7-dev2","v2.9.7-dev3","v2.9.8","v2.9.8-dev1","v2.9.8-dev2","v2.9.9","v2.9.9-dev1","v3.0.0","v3.0.0-dev1","v3.0.0-dev2","v3.0.1","v3.0.1-dev2","v3.0.10","v3.0.10-dev1","v3.0.10-dev3","v3.0.11","v3.0.12","v3.0.12-dev1","v3.0.12-dev4","v3.0.12-dev5","v3.0.13-dev3","v3.0.13-dev4","v3.0.14","v3.0.15","v3.0.15-dev1","v3.0.15-dev2","v3.0.16","v3.0.16-dev3","v3.0.17","v3.0.17-dev1","v3.0.17-dev2","v3.0.2","v3.0.2-dev2","v3.0.3","v3.0.3-dev4","v3.0.3-dev5","v3.0.4","v3.0.4-dev2","v3.0.5","v3.0.5-dev3","v3.0.5-dev4","v3.0.5-dev5","v3.0.6","v3.0.6-dev2","v3.0.6-dev3","v3.0.7","v3.0.7-dev1","v3.0.8","v3.0.8-dev1","v3.0.8-dev2","v3.0.9","v3.1.0","v3.1.0-dev10","v3.1.0-dev11","v3.1.0-dev12","v3.1.0-dev2","v3.1.0-dev3","v3.1.0-dev8","v3.1.0-dev9","v3.1.1-dev1","v3.1.1-dev2","v3.1.10","v3.1.10-dev1","v3.1.10-dev6","v3.1.11","v3.1.11-dev2","v3.1.11-dev5","v3.1.11-dev9","v3.1.12","v3.1.12-dev2","v3.1.12-dev3","v3.1.12-dev4","v3.1.13","v3.1.14","v3.1.14-dev2","v3.1.15","v3.1.15-dev1","v3.1.15-dev3","v3.1.16","v3.1.17","v3.1.18","v3.1.19","v3.1.19-dev3","v3.1.2","v3.1.2-dev2","v3.1.2-dev3","v3.1.2-dev4","v3.1.20","v3.1.20-dev3","v3.1.20-dev4","v3.1.21","v3.1.21-dev1","v3.1.21-dev3","v3.1.21-dev4","v3.1.22","v3.1.22-dev1","v3.1.22-dev2","v3.1.23","v3.1.24","v3.1.25","v3.1.25-dev3","v3.1.25-dev4","v3.1.25-dev6","v3.1.26","v3.1.26-dev1","v3.1.26-dev2","v3.1.26-dev3","v3.1.27","v3.1.27-dev1","v3.1.27-dev2","v3.1.27-dev4","v3.1.28","v3.1.28-dev2","v3.1.28-dev3","v3.1.29","v3.1.29-dev3","v3.1.3","v3.1.3-dev1","v3.1.3-dev2","v3.1.30","v3.1.30-dev1","v3.1.31","v3.1.32","v3.1.32-dev2","v3.1.4","v3.1.4-dev2","v3.1.4-dev3","v3.1.4-dev5","v3.1.5","v3.1.6","v3.1.6-dev1","v3.1.6-dev2","v3.1.7","v3.1.7-dev3","v3.1.7-dev4","v3.1.7-dev5","v3.1.7-dev7","v3.1.7-dev8","v3.1.8","v3.1.8-dev2","v3.1.8-dev3","v3.1.9","v3.1.9-dev1","v3.1.9-dev10","v3.1.9-dev2","v3.1.9-dev3","v3.1.9-dev4","v3.1.9-dev6","v3.1.9-dev7","v3.1.9-dev9","v3.2.0-dev1","v3.2.0-dev10","v3.2.0-dev2","v3.2.0-dev3","v3.2.0-dev4","v3.2.0-dev6","v3.2.0-dev8","v3.2.0-dev9","v3.2.1","v3.2.1-dev2","v3.2.1-dev3","v3.2.1-dev4","v3.2.1-dev5","v3.2.1-dev6","v3.3.0","v3.3.0-dev3","v3.3.0-dev4","v3.3.1","v3.3.2","v3.3.2-dev1","v3.3.2-dev2","v3.3.3","v3.3.3-dev1","v3.3.3-dev2","v3.3.3-dev3","v3.3.3-dev4","v3.3.3-dev5","v3.3.4","v3.3.4-dev1","v3.3.4-dev2","v3.3.5","v3.3.6","v3.3.6-dev1","v3.3.6-dev2","v3.4.0","v3.4.0-dev1","v3.4.0-dev2","v3.4.0-dev3","v3.4.0-dev4","v3.4.0-dev5","v3.4.1","v3.4.1-dev1","v3.4.2","v3.4.2-dev1","v3.5.0-dev1","v3.5.0-dev2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-67488.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}