Primary

Context

FreedomBox Improper Permissions Vulnerability in Backups-Data Directory Allowing Database Dump Access

Vulnerability

Patched

A vulnerability exists in FreedomBox versions prior to 25.17.1, where the backups-data directory does not have the correct permissions. This misconfiguration allows unauthorized reading of database dump files, potentially exposing sensitive information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to database dump files, which may contain sensitive information.

Reproduction

On a fresh installation of FreedomBox without the patch, the backups-data directory is created with incorrect permissions, allowing unauthorized access to database dump files. After applying the patch, the directory is created with the correct permissions, restricting access to root users only.

Remediation

Users can update to FreedomBox version 25.17.1 or later, where this vulnerability has been addressed.

Added: Dec 18, 2025, 6:18 AM

Updated: Dec 18, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.9

remediation

7.7

relevance

1.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

5.9

remediation

7.7

relevance

1.4

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FreedomBox Improper Permissions Vulnerability in Backups-Data Directory Allowing Database Dump Access

Vulnerability

Impact

Reproduction

Remediation

Affected Products

FreedomBox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating