CVE Catalog

CVE-2025-68064

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

Local File Inclusion (LFI) vulnerability in Goya Core plugin versions prior to 1.0.9.4 allows a contributor to read arbitrary files on the server.

Risk Assessment

An attacker with contributor privileges can access sensitive configuration files, user data, or source code, potentially leading to privilege escalation or data leakage.

Recommendation

Immediately update the Goya Core plugin to version 1.0.9.4 or later and restrict contributor privileges to the minimum necessary for their work.

Original NVD description (English source)

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS