CVE-2025-53375: Routers Settings Ts Cwe 000 Cve 2025 53375

Missing authorization check for `serverId` before calling `readConfigInPath`. This can lead to IDOR and Path Traversal if the target server doesn't belong to the active user's organization.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

greprules fetch cve-2025-53375-routers-settings-ts-cwe-000-cve-2025-53375 --engine opengrep

Description

Missing authorization check for `serverId` before calling `readConfigInPath`. This can lead to IDOR and Path Traversal if the target server doesn't belong to the active user's organization.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 146 downloads
0 direct146 via packs
· 0 stars · Quality score 73How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0