GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/89017?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89017?format=api",
    "vulnerability_id": "VCID-fb35-de6c-jyht",
    "summary": "An uncontrolled search path element vulnerability can lead to local privilege Escalation (LPE) via Insecure Directory Permissions. The vulnerability arises from improper handling of directory permissions. An attacker with local access may exploit this flaw to move and delete arbitrary files, potentially gaining SYSTEM privileges.",
    "aliases": [
        {
            "alias": "CVE-2025-25011"
        }
    ],
    "fixed_packages": [],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25011",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00043",
                    "scoring_system": "epss",
                    "scoring_elements": "0.13388",
                    "published_at": "2026-06-11T12:55:00Z"
                },
                {
                    "value": "0.00043",
                    "scoring_system": "epss",
                    "scoring_elements": "0.13506",
                    "published_at": "2026-06-12T12:55:00Z"
                },
                {
                    "value": "0.00043",
                    "scoring_system": "epss",
                    "scoring_elements": "0.13511",
                    "published_at": "2026-06-13T12:55:00Z"
                },
                {
                    "value": "0.00043",
                    "scoring_system": "epss",
                    "scoring_elements": "0.13485",
                    "published_at": "2026-06-14T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-25011"
        },
        {
            "reference_url": "https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558",
            "reference_id": "380558",
            "reference_type": "",
            "scores": [
                {
                    "value": "7",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-02T03:55:50Z/"
                }
            ],
            "url": "https://discuss.elastic.co/t/beats-windows-installer-9-1-0-security-update-esa-2025-12/380558"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 427,
            "name": "Uncontrolled Search Path Element",
            "description": "The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors."
        }
    ],
    "exploits": [],
    "severity_range_score": "7.0 - 7.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb35-de6c-jyht"
}