Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| directus | directus | affected |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Directus | Directus | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-8jpw-gpr4-8cmh | Directus's conceal fields are searchable if read permissions enabled |
Mon, 08 Dec 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Monospace
Monospace directus |
|
| CPEs | cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Monospace
Monospace directus |
Fri, 14 Nov 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Directus
Directus directus |
|
| Vendors & Products |
Directus
Directus directus |
Thu, 13 Nov 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 13 Nov 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue. | |
| Title | Directus's conceal fields are searchable if read permissions enabled | |
| Weaknesses | CWE-201 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-11-13T21:39:43.765Z
Reserved: 2025-11-10T22:29:34.872Z
Link: CVE-2025-64748
Vulnrichment
Updated: 2025-11-13T21:39:40.255Z
NVD
Status : Analyzed
Published: 2025-11-13T22:15:52.183
Modified: 2025-12-08T15:00:53.110
Link: CVE-2025-64748
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-14T09:27:43Z