CVE-2025-30352
📋 TL;DR
This vulnerability in Directus allows authenticated users to enumerate database field contents they shouldn't have permission to view. Because the search parameter matches against fields the requesting user is not permitted to read, an attacker can infer the contents of those restricted fields from which items a search returns. This affects all Directus instances running versions 9.0.0-alpha.4 through 11.4.x.
💻 Affected Systems
- Directus
📦 What is this software?
Directus by Monospace
⚠️ Risk & Real-World Impact
Worst Case
Attackers could reconstruct sensitive data from restricted fields, potentially exposing personally identifiable information, financial data, or other confidential information stored in the database.
Likely Case
Privileged users or attackers who compromise user accounts can enumerate partial data from fields they shouldn't access, potentially revealing sensitive information patterns or metadata.
If Mitigated
With proper field-level permissions and access controls, the impact is limited to inferring data existence rather than full content extraction.
🎯 Exploit Status
Exploitation requires authenticated access to a collection and involves manipulating search queries to infer field values.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.5.0
Vendor Advisory: https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c
Restart Required: Yes
Instructions:
1. Backup your Directus instance and database.
2. Update Directus to version 11.5.0 or later using your package manager.
3. Restart the Directus service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Search Permissions
Temporarily disable search functionality for collections containing sensitive fields until patching is possible.
Modify collection permissions in Directus admin interface to remove search capabilities
🧯 If You Can't Patch
- Implement strict field-level permissions and audit all user access to sensitive collections
- Monitor API logs for unusual search patterns targeting restricted fields
🔍 How to Verify
Check if Vulnerable:
Check if your Directus version is between 9.0.0-alpha.4 and 11.4.x inclusive
Check Version:
npx directus version
Verify Fix Applied:
Confirm Directus version is 11.5.0 or later and test that search queries respect field permissions
📡 Detection & Monitoring
Log Indicators:
- Unusual search query patterns targeting fields users shouldn't access
- Multiple search requests with incremental parameter variations
Network Indicators:
- API requests with search parameters targeting known restricted fields
SIEM Query:
source="directus" AND (search OR filter) AND status=200 AND user_privilege="limited"
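The "incremental parameter variations" indicator above can be scored automatically. The following is an added example (not Directus code and not from the advisory) that groups successful `?search=` requests per user and collection and flags prefix-by-prefix guessing; the JSON-per-line log shape and the field names `user`, `role`, `url`, `status` are assumptions, and the log lines are constructed.

```javascript
// Constructed JSON-per-line access log (an ASSUMED shape, not Directus's own log format).
const SAMPLE_LOG = [
  '{"user":"u-42","role":"editor","url":"/items/customers?search=a","status":200}',
  '{"user":"u-42","role":"editor","url":"/items/customers?search=s","status":200}',
  '{"user":"u-42","role":"editor","url":"/items/customers?search=sa","status":200}',
  '{"user":"u-42","role":"editor","url":"/items/customers?search=se","status":200}',
  '{"user":"u-42","role":"editor","url":"/items/customers?search=sec","status":200}',
  '{"user":"u-42","role":"editor","url":"/items/customers?search=secr","status":200}',
  '{"user":"u-7","role":"viewer","url":"/items/customers?search=invoice","status":200}',
  '{"user":"u-7","role":"viewer","url":"/items/customers?limit=10","status":200}',
  '{"user":"u-7","role":"viewer","url":"/auth/refresh","status":200}',
].join("\n");

// Reduce one log line to the fields the detector needs; null unless it is an /items/ request.
function parseLine(line) {
  const rec = JSON.parse(line);
  const u = new URL(rec.url, "http://directus.invalid"); // base only so a relative URL parses
  const m = u.pathname.match(/^\/items\/([^/]+)/);
  if (!m) return null;
  return { user: rec.user, role: rec.role, collection: m[1], status: rec.status,
           search: u.searchParams.get("search") };
}

// Group successful ?search= requests by (user, collection) and score each group's deepest
// "prefix chain": a term whose all-but-last-character prefix was searched earlier by the same
// user extends that prefix's depth by one. Character-by-character guessing builds deep chains;
// ordinary browsing does not. A group is flagged on chain depth or on distinct-term count.
function detectSearchEnumeration(logText, { minDepth = 4, minDistinct = 10 } = {}) {
  const groups = new Map();
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    const r = parseLine(line);
    if (!r || !r.search || r.status !== 200) continue;
    const key = `${r.user}|${r.collection}`;
    if (!groups.has(key)) groups.set(key, { user: r.user, role: r.role, collection: r.collection, depths: new Map() });
    const depths = groups.get(key).depths;
    const depth = (depths.get(r.search.slice(0, -1)) ?? 0) + 1; // "" is never stored, so 1-char terms start at 1
    depths.set(r.search, Math.max(depth, depths.get(r.search) ?? 0));
  }
  const alerts = [];
  for (const g of groups.values()) {
    const maxDepth = Math.max(...g.depths.values());
    const distinct = g.depths.size;
    if (maxDepth >= minDepth || distinct >= minDistinct) {
      alerts.push({ user: g.user, role: g.role, collection: g.collection, maxDepth, distinct });
    }
  }
  return alerts;
}
console.log(detectSearchEnumeration(SAMPLE_LOG)); // one alert: u-42 on customers, maxDepth 4
```

Searches on a restricted field return 200 whether or not anything matched, so the detector keeps the `status=200` filter from the SIEM query above and relies on request shape rather than response codes.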