9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-28384

GHSA ID

GHSA-p67j-387g-75wc

EPSS Score

0.7782%

CWE

CWE-22

Published

6/13/2025

Updated

6/16/2025

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-28384

CVE-2025-28384: OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.

(GitHub Advisory)

9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-28384

GHSA ID

GHSA-p67j-387g-75wc

EPSS Score

0.7782%

CWE

CWE-22

Published

6/13/2025

Updated

6/16/2025

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
openc3-cosmos-tool-iframe	rubygems	= 6.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*n issu* in t** /s*ript-*pi/s*ripts/ *n*point o* Op*n** *OSMOS *.*.* *llows *tt**k*rs to *x**ut* * *ir**tory tr*v*rs*l.

Reasoning

No *n*lysis *v*il**l*

9.1

Basic Information

Concerned about an active attack path?

CVE-2025-28384: OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI