{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54118", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-16T23:53:40.508Z", "datePublished": "2025-08-18T15:59:15.837Z", "dateUpdated": "2025-08-18T17:34:51.775Z"}, "containers": {"cna": {"title": "NamelessMC allows sensitive information disclosure in member list component", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w"}, {"name": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f", "tags": ["x_refsource_MISC"], "url": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f"}], "affected": [{"vendor": "NamelessMC", "product": "Nameless", "versions": [{"version": "< 2.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-18T15:59:15.837Z"}, "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4."}], "source": {"advisory": "GHSA-cj37-8jqc-hv2w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-18T17:34:42.179767Z", "id": "CVE-2025-54118", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T17:34:51.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54118", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-18T17:34:42.179767Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T17:34:47.083Z"}}], "cna": {"title": "NamelessMC allows sensitive information disclosure in member list component", "source": {"advisory": "GHSA-cj37-8jqc-hv2w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "NamelessMC", "product": "Nameless", "versions": [{"status": "affected", "version": "< 2.2.4"}]}], "references": [{"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w", "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f", "name": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-18T15:59:15.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54118", "state": "PUBLISHED", "dateUpdated": "2025-08-18T17:34:51.775Z", "dateReserved": "2025-07-16T23:53:40.508Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-18T15:59:15.837Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FE24BDD-51F8-4096-A5E5-3394EA4EE64E", "versionEndExcluding": "2.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4."}, {"lang": "es", "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. La divulgaci\u00f3n de informaci\u00f3n confidencial en NamelessMC anterior a la versi\u00f3n 2.2.4 permite que un atacante remoto no autenticado obtenga informaci\u00f3n confidencial, como la ruta absoluta del c\u00f3digo fuente, mediante el par\u00e1metro de lista. Esta vulnerabilidad se corrige en la versi\u00f3n 2.2.4."}], "id": "CVE-2025-54118", "lastModified": "2025-08-20T21:23:34.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-18T16:15:29.353", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}