CVE-2025-34171

MEDIUM

CasaOS <= 0.4.15 - Unauthenticated Sensitive Information Exposure via Image and Debug Endpoints

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34171. PoCs published by Eyodav.

AI-analyzed exploit summary: This repository contains a detailed writeup for CVE-2025-34171, an unauthenticated file and debug data exposure vulnerability in CasaOS ≤ 0.4.15. The vulnerability allows remote attackers to retrieve sensitive configuration files and system debug information via exposed API endpoints.

Description

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.

Exploits (1)

nomisec WRITEUP
by Eyodav · poc
https://github.com/Eyodav/CVE-2025-34171

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CasaOS ≤ 0.4.15
No auth needed
Prerequisites: Network access to the CasaOS service
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Various Sources (product): https://casaos.zimaspace.com/
Various Sources (product): https://github.com/IceWhaleTech/CasaOS

Scores

CVSS v3 5.3
EPSS 0.0055
EPSS Percentile 41.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-497 CWE-862
Status published
Products (1)
icewhale/casaos < 0.4.15
Published Jan 02, 2026
Tracked Since Feb 18, 2026