CVE-2025-66410 – Gin-vue-admin has an arbitrary file deletion vulnerability

CVE ID : CVE-2025-66410

Published : Dec. 1, 2025, 11:15 p.m. | 1 hour, 9 minutes ago

Description : Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the ‘FileMd5’ parameter to delete any file and folder.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66448 – vLLM vulnerable to remote code execution via transformers_utils/get_config

CVE-2025-66415 – fastify-reply-from bypass of reply forwarding

CVE-2025-66412 – Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

CVE-2025-66405 – Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host