Description

ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8.

INFO

Published Date :

2025-11-06T21:12:38.265Z

Last Modified :

2025-11-06T21:31:41.244Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64176 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64176.

URL Resource
https://github.com/MatiasDesuu/ThinkDashboard/commit/18d2f6aded0d6424cc4c8619731dd20563f4cfd8 cve-icon cve-icon
https://github.com/MatiasDesuu/ThinkDashboard/security/advisories/GHSA-jvmw-hg62-jr47 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact