CVE-2025-54118 | THREATINT

Description

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4.

PUBLISHED Reserved 2025-07-16 | Published 2025-08-18 | Updated 2025-08-18 | Assigner GitHub_M

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

< 2.2.4

affected

References

github.com/...meless/security/advisories/GHSA-cj37-8jqc-hv2w

github.com/...ommit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f

cve.org (CVE-2025-54118)

nvd.nist.gov (CVE-2025-54118)

Download JSON