CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20002 – GMOD Apollo Generation of Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2025-20002
05 Mar 2025 — After attempting to upload a file that does not meet prerequisites, GMOD Apollo will respond with local path information disclosure • https://github.com/GMOD/Apollo • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24924 – GMOD Apollo Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2025-24924
05 Mar 2025 — Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23410 – GMOD Apollo Relative Path Traversal
https://notcve.org/view.php?id=CVE-2025-23410
04 Mar 2025 — When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-23: Relative Path Traversal •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21092 – GMOD Apollo Incorrect Privilege Assignment
https://notcve.org/view.php?id=CVE-2025-21092
04 Mar 2025 — GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •