CVE-2022-25010

moderate-risk
Published 2022-03-01

The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Stepmania
Stepmania
Stepmania
Stepmania
Stepmania
Stepmania

Affected Vendors

Stepmania

References (2)

Patch https://github.com/stepmania/stepmania/pull/2184
Patch https://github.com/stepmania/stepmania/pull/2184
45
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 1/34 · Minimal
Exposure 13/34 · Low