Main Vulnerability Database Vulnerabilities #VU114477

#VU114477 Improper Encoding or Escaping of Output in AIDE - CVE-2025-54389

Published: August 27, 2025

Vulnerability identifier: #VU114477

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-54389

CWE-ID: CWE-116

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AIDE

Software vendor:
AIDE

Description

The vulnerability allows a remote attacker to bypass detection rules.

The vulnerability exists due to improper input validation when handling file names. A remote attacker can pass a specially crafted file to the application and hide or remove the file from the logs or bypass AIDE detection of malicious files.

Remediation

Install updates from vendor's website.

External links

https://github.com/aide/aide/commit/64c8f32b0349c33fb8382784af468338078851f9
https://github.com/aide/aide/releases/tag/v0.19.2
https://github.com/aide/aide/security/advisories/GHSA-522j-vvx9-gg28

#VU114477 Improper Encoding or Escaping of Output in AIDE - CVE-2025-54389

Description

Remediation

External links

Please verify you're human