GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/87599?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87599?format=api",
    "vulnerability_id": "VCID-smzq-3w2e-fkfb",
    "summary": "Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.",
    "aliases": [
        {
            "alias": "CVE-2025-54107"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54107",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00448",
                    "scoring_system": "epss",
                    "scoring_elements": "0.6399",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00448",
                    "scoring_system": "epss",
                    "scoring_elements": "0.64092",
                    "published_at": "2026-06-12T12:55:00Z"
                },
                {
                    "value": "0.00448",
                    "scoring_system": "epss",
                    "scoring_elements": "0.64106",
                    "published_at": "2026-06-13T12:55:00Z"
                },
                {
                    "value": "0.00448",
                    "scoring_system": "epss",
                    "scoring_elements": "0.64103",
                    "published_at": "2026-06-14T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54107"
        },
        {
            "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54107",
            "reference_id": "CVE-2025-54107",
            "reference_type": "",
            "scores": [
                {
                    "value": "4.3",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T17:32:31Z/"
                }
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54107"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 41,
            "name": "Improper Resolution of Path Equivalence",
            "description": "The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object."
        }
    ],
    "exploits": [],
    "severity_range_score": "4.3 - 4.3",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-smzq-3w2e-fkfb"
}