CVE-2025-49143
unknown
CVSS v3
-
CVSS v4 NEW
-
VIR risk
-
Description
Nautobot may allow uploaded media files to be accessed without authentication
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
References
- https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh
- https://nvd.nist.gov/vuln/detail/CVE-2025-49143
- https://github.com/nautobot/nautobot/pull/6672
- https://github.com/nautobot/nautobot/pull/6703
- https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340
- https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95
- https://github.com/nautobot/nautobot