CVE-2025-54872

HIGH

onion-site-template <3196bd89 - Info Disclosure

Title source: llm

Description

onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing onion domain. A website could be compromised if a user shared the baked-in image, or if someone were able to acquire access to the user's device outside of a containerized environment. This is fixed by commit bc9ba0fd.

References (2)

[Vendor Advisory] https://github.com/Vessel9817/onion-site-template/security/advisories/GHSA-mj8m-c8w9-rw55

[Patch] https://github.com/Vessel9817/onion-site-template/commit/bc9ba0fd8cc7fbb3abc6759b351885a4501bce84

View Patch ZIP pw:eip

Scores

CVSS v4 8.7

EPSS 0.0008

EPSS Percentile 23.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

Vessel9817/onion-site-template >= 3196bd896fed58306d42cc9f4c1e0760e8c829c9, < bc9ba0fd8cc7fbb3abc6759b351885a4501bce84

Published Aug 06, 2025

Tracked Since Feb 18, 2026