- Last update: 21/08/2025
- Affected software:
→ Directus version 10.8.0 until before 11.9.3
- Type: CWE-73: External Control of File Name or Path, CWE-434: Unrestricted Upload of File with Dangerous Type
- CVE/CVSS
→ CVE-2025-55746: CVSS 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L)
- References:
→ https://github.com/directus/directus/security/advisories/GHSA-mv33-9f6j-pfmc
→ https://github.com/directus/directus/commit/d84dcc36f75fc5c858d43746b8f9c426c38d696b
Directus, which is used as a real-time API and App dashboard for managing SQL database content, has a critical vulnerability (CVE-2025-55746) in its file update mechanism.
A threat actor can use CVE-2025-55746 to modify existing files or upload new files with arbitrary content without leaving any trace in the Directus UI.
As of the writing of this advisory (Aug 21, 2025) there is no information about this vulnerability being actively exploited in the wild and no proof of concept is publicly available.
An attacker exploiting this vulnerability could severely impact the confidentiality, availability and integrity of the affected systems.
CVE-2025-55746 can be exploited by a remote unauthenticated attacker to bypass the UI file controls. This allows the attacker to modify existing files without updating their metadata and to upload new files with arbitrary content and extensions. These actions compromise the integrity of the file system, since the attacker can perform unauthorized file manipulations without any prior authentication.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The Centre for Cybersecurity Belgium recommends upgrading Directus to version 11.9.3 or later.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and to ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
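One concrete way to act on the monitoring advice above, as an added example that is not part of the CCB advisory or of the Directus project: reconcile the file metadata Directus reports with what is actually present in storage, since this vulnerability changes file contents without touching the metadata. The metadata column names (modelled on Directus' `directus_files` table), the local-storage layout, the magic-byte table and the sample rows are all assumptions or constructed data; a real deployment would query the database and walk the upload directory.

```python
"""Reconcile Directus file metadata with the files actually in storage.

Added detection aid, not CCB or Directus code. The metadata rows are
assumed to mirror the Directus `directus_files` columns filename_disk,
filesize, type and modified_on; the on-disk inventory is constructed.
"""
from datetime import datetime, timezone

# Constructed sample metadata rows (what the Directus UI/API reports).
METADATA = [
    {"filename_disk": "a1.png", "filesize": 4096, "type": "image/png",
     "modified_on": "2025-08-01T10:00:00+00:00"},
    {"filename_disk": "b2.pdf", "filesize": 1200, "type": "application/pdf",
     "modified_on": "2025-08-10T09:30:00+00:00"},
]

# Constructed on-disk inventory: name -> (size, mtime, leading bytes).
ON_DISK = {
    "a1.png": (4096, "2025-08-01T10:00:00+00:00", b"\x89PNG"),  # consistent
    "b2.pdf": (2048, "2025-08-20T23:59:00+00:00", b"<?php"),    # body changed, metadata untouched
    "c3.php": (300, "2025-08-21T01:00:00+00:00", b"<?php"),     # no metadata record at all
}

# Leading bytes expected for a recorded MIME type (assumed, extend as needed).
MAGIC = {"image/png": b"\x89PNG", "application/pdf": b"%PDF"}


def _ts(value):
    """Parse an ISO-8601 timestamp and normalise it to UTC."""
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def find_anomalies(metadata, on_disk):
    """Return (filename, reason) pairs for every mismatch between both views."""
    findings = []
    by_name = {row["filename_disk"]: row for row in metadata}
    for name, (size, mtime, head) in on_disk.items():
        row = by_name.get(name)
        if row is None:
            findings.append((name, "file in storage has no metadata record"))
            continue
        if size != row["filesize"]:
            findings.append((name, f"size on disk {size} != recorded {row['filesize']}"))
        if _ts(mtime) > _ts(row["modified_on"]):
            findings.append((name, "modified on disk after last recorded metadata update"))
        expected = MAGIC.get(row["type"])
        if expected is not None and not head.startswith(expected):
            findings.append((name, f"content does not look like recorded type {row['type']}"))
    for name in by_name.keys() - on_disk.keys():
        findings.append((name, "metadata record with no file in storage"))
    return findings
```

Any finding is a reason to compare the file against a known-good backup and to review access logs for the affected asset, not proof of compromise on its own.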