{"id":59587,"date":"2025-07-23T13:48:28","date_gmt":"2025-07-23T13:48:28","guid":{"rendered":""},"modified":"2025-09-07T11:38:51","modified_gmt":"2025-09-07T17:38:51","slug":"cve-2025-53964-critical-file-manipulation-vulnerability-in-goldendict","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-53964-critical-file-manipulation-vulnerability-in-goldendict\/","title":{"rendered":"CVE-2025-53964: Critical File Manipulation Vulnerability in GoldenDict<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-53964 is a major security vulnerability discovered in GoldenDict versions 1.5.0 and 1.5.1. This vulnerability revolves around an exposed dangerous method that could potentially allow unauthorized access to read and modify files when a user adds a maliciously crafted dictionary and performs a search for any term within that dictionary. This exploit can lead to severe consequences like system<\/a> compromise or data leakage. Given the severity and the potential impact of this vulnerability, it is critical for system<\/a> and network administrators to understand the nuances and take appropriate measures to mitigate the risks.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-53964
\nSeverity: Critical (9.6 CVSS Severity Score)
\nAttack Vector: Local file inclusion<\/a> (LFI)
\nPrivileges Required: User level
\nUser Interaction: Required
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n