CVE-2025-30353

8.6 HIGH

📋 TL;DR

This vulnerability in Directus exposes sensitive data, including environment variables, API keys and user accountability information, when a Flow with a Webhook trigger and the 'Data of Last Operation' response body encounters a ValidationError thrown by a failed Condition operation: the error response returned to the HTTP caller carries the Flow's data rather than just the error. An attacker who can reach the Flow's trigger URL and send input that fails the condition receives that data in the response body. Affected systems are Directus instances running versions 9.12.0 through 11.4.x; version 11.5.0 fixes the issue.

💻 Affected Systems

Products:
  • Directus
Versions: 9.12.0 through 11.4.x
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Flows with Webhook triggers and 'Data of Last Operation' response body that encounter ValidationErrors from condition operations.

📦 What is this software?

Directus is an open-source headless CMS and data platform that wraps a SQL database in REST and GraphQL APIs and an admin app. Flows are its built-in automation feature: a trigger (Webhook, Event Hook, Schedule, Manual or another Flow) runs a chain of operations, and a Webhook-triggered Flow can return the output of its last operation directly to the HTTP caller. That return path is where this leak occurs.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Exposure of environment variables such as database credentials, the SECRET that signs Directus session tokens, or object-storage and SMTP credentials. An attacker holding those can forge admin tokens or connect to the backing services directly, which amounts to full compromise of the instance and the data behind it.

🟠

Likely Case

Exposure of the Flow's data: the triggering request payload, the accountability object (user and role identifiers, client IP, user agent) and whatever environment variables the Flow can see, giving the attacker configuration details and user information to pivot with and exfiltrate.

🟢

If Mitigated

With the patch applied, or the affected Flows disabled, a failed condition returns only the validation error and no Flow data; residual exposure is limited to whatever the Flow is designed to return on success.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (the 8.6 score corresponds to a no-privileges-required vector; a Webhook-triggered Flow is invoked by a plain HTTP request to its trigger URL)
Complexity: MEDIUM

Exploitation requires a Flow configured with a Webhook trigger and the 'Data of Last Operation' response body, plus a request whose payload fails one of the Flow's Condition operations; the attacker must know or guess the Flow's trigger URL. Because the trigger is an HTTP endpoint rather than an authenticated API route, no Directus session is needed. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.5.0

Vendor Advisory: https://github.com/directus/directus/security/advisories/GHSA-fm3h-p9wm-h74h

Restart Required: Yes (the Directus process or container must be restarted to load the new version)

Instructions:

1. Update Directus to version 11.5.0 or later: for Docker deployments, move to the directus/directus:11.5.0 (or newer) image and recreate the container; for npm-based projects, run 'npm install directus@^11.5.0' in the project directory.
2. Restart the service and confirm it comes up healthy (GET /server/health).
3. Verify the running version is 11.5.0 or later, then trigger an affected Flow with a payload that fails its Condition operation and confirm the error response no longer contains Flow data.

🔧 Temporary Workarounds

Disable vulnerable Flows

Applies to: all affected versions

Set any Flow that combines a Webhook trigger with the 'Data of Last Operation' response body to inactive until the instance is patched. The advisory ties the leak to that response-body setting, so changing the setting is a weaker fallback if the Flow cannot be switched off. List candidates with GET /flows (admin token) and filter on trigger = webhook.

Strip Flow error responses before they reach clients

Applies to: all affected versions

Add a hook extension that registers an Express middleware on the 'routes.before' init event, or a rule on the reverse proxy in front of Directus, that replaces the body of any 4xx/5xx response from /flows/trigger/* with a generic error message. The leaked Flow data rides in that error body, so removing the body removes the exposure without touching the Flows themselves.

🧯 If You Can't Patch

  • Restrict network access so that only trusted sources can reach /flows/trigger/*, for example by fronting the trigger URLs with a reverse proxy that requires a shared-secret header
  • Deploy WAF or reverse-proxy rules that block, or replace with a generic error, any 4xx/5xx response from /flows/trigger/* whose body contains secret names (for example DB_PASSWORD or SECRET) or accountability fields
  • Keep FLOWS_ENV_ALLOW_LIST as short as possible: it controls which environment variables a Flow can read at all, so anything not on the list cannot leak through a Flow response

🔍 How to Verify

Check if Vulnerable:

The instance is affected if its version is 9.12.0 or later and below 11.5.0 and at least one active Flow uses the Webhook trigger with the 'Data of Last Operation' response body. Review Flows in Settings > Flows, or via GET /flows with an admin token.

Check Version:

npm ls directus

(run in the project directory for npm-based installs; for Docker deployments the image tag is the version). Against a running instance, GET /server/info with an admin token returns the version under data.directus.version.

Verify Fix Applied:

Confirm the running version is 11.5.0 or later, then trigger an affected Flow with a payload that fails its Condition operation and check that the error response contains only the validation error and no Flow data.
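The two checks above can be scripted. The following is an added example written for this page, not code from the Directus project: it compares a version string against the advisory's range and scans the items returned by GET /flows for active Webhook-triggered Flows whose response body is the last operation's data. The stored value "$last" for the 'Data of Last Operation' setting is an assumption taken from the Flow data-chain naming, so confirm it against one of your own Flows before trusting the scan; the sample Flows are constructed and the fetch helper is only there for use against a real instance.

```python
"""Audit a Directus instance for CVE-2025-30353 exposure (added example)."""
from __future__ import annotations

import json
import re
import urllib.request
from typing import Iterable

FIRST_AFFECTED = (9, 12, 0)   # advisory: starting in 9.12.0
FIXED = (11, 5, 0)            # advisory: fixed in 11.5.0


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'v11.4.1', '11.4.1-rc.2' or '11.4.1' into (11, 4, 1)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(text: str) -> bool:
    """True for 9.12.0 <= version < 11.5.0."""
    return FIRST_AFFECTED <= parse_version(text) < FIXED


def exposed_flows(flows: Iterable[dict]) -> list[dict]:
    """Active Webhook-triggered Flows returning the last operation's data."""
    hits = []
    for flow in flows:
        options = flow.get("options") or {}
        if (
            flow.get("status") == "active"
            and flow.get("trigger") == "webhook"
            and options.get("return") == "$last"   # assumed stored value for 'Data of Last Operation'
        ):
            hits.append(flow)
    return hits


def audit(version: str, flows: Iterable[dict]) -> dict:
    """Combine the version check and the Flow scan into one verdict."""
    hits = exposed_flows(flows)
    in_range = is_vulnerable_version(version)
    return {
        "version": version,
        "version_in_range": in_range,
        "exposed_flow_ids": [f["id"] for f in hits],
        "vulnerable": in_range and bool(hits),
    }


def fetch_json(base_url: str, path: str, token: str) -> dict:
    """GET a Directus endpoint with a static admin token (live use only)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}{path}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


# Constructed sample mirroring the items of a GET /flows response; not from a real instance.
SAMPLE_FLOWS = [
    {"id": "f1", "name": "Order intake", "status": "active", "trigger": "webhook",
     "options": {"method": "POST", "async": False, "return": "$last"}},
    {"id": "f2", "name": "Nightly cleanup", "status": "active", "trigger": "schedule",
     "options": {"cron": "0 3 * * *"}},
    {"id": "f3", "name": "Legacy hook", "status": "inactive", "trigger": "webhook",
     "options": {"method": "GET", "return": "$last"}},
    {"id": "f4", "name": "Ping", "status": "active", "trigger": "webhook",
     "options": {"method": "GET", "return": "$all"}},
]

if __name__ == "__main__":
    # Against a live instance (admin token needed for /flows and for the
    # version field in /server/info):
    #   info = fetch_json("https://cms.example.com", "/server/info", TOKEN)
    #   flows = fetch_json("https://cms.example.com", "/flows", TOKEN)["data"]
    #   print(json.dumps(audit(info["data"]["directus"]["version"], flows), indent=2))
    print(json.dumps(audit("11.4.1", SAMPLE_FLOWS), indent=2))
```

Only f1 is reported for the sample: f2 is not webhook-triggered, f3 is inactive, and f4 returns all data rather than the last operation's. A version of 11.5.0 or later makes the verdict negative even when such Flows exist, which is the state you want to see after patching.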

📡 Detection & Monitoring

Log Indicators:

  • 4xx responses on /flows/trigger/<flow-id>: a failed Condition operation surfaces as a validation error, and a run of them from one client against one Flow is the footprint of someone probing for the leak (Directus logs requests through pino-http with method, URL and status code, but not response bodies)
  • Error responses containing environment variable names, secret values or accountability data, where a reverse proxy in front of Directus logs response bodies

Network Indicators:

  • Error payloads from /flows/trigger/* that are far larger than a plain validation error
  • Unusual volume, or new source addresses, hitting Flow trigger endpoints

SIEM Query (Splunk-style; the field names depend on how your shipper maps the pino JSON, so adjust them):

source="directus" req.url="/flows/trigger/*" res.statusCode>=400
| stats count BY req.remoteAddress, req.url
| where count > 5

Do not restrict the query to status 500: the failing condition is reported as a client-side validation error, not a server error.
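The same logic as the query, run locally over exported log lines, as an added example that is not part of the original page or of Directus: the first detector counts failed calls to /flows/trigger/<id> per client and flags repeat offenders, the second checks an error body (from a proxy that captures bodies) for markers that would only appear if Flow data had leaked. The pino-style lines, field names, secret names and error-body shapes are constructed for the example; the real leaked body may be shaped differently, so treat the marker list as a starting point.

```python
"""Spot probing of Directus webhook Flows for CVE-2025-30353 (added example)."""
from __future__ import annotations

import json
import re
from collections import Counter

TRIGGER_PATH = re.compile(r"^/flows/trigger/([0-9a-f-]{36})")

# Names that would only appear in a response if Flow data leaked: data-chain
# keys and common Directus env var names. Extend with your own secret names.
LEAK_MARKERS = re.compile(
    r'"\$(?:env|accountability|trigger|last)"'
    r"|\b(?:DB_PASSWORD|DB_CONNECTION_STRING|SECRET|KEY|STORAGE_[A-Z0-9_]+_SECRET)\b"
)


def failed_trigger_calls(lines) -> Counter:
    """Count 4xx/5xx responses from /flows/trigger/<id> per (client, flow)."""
    hits: Counter = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip non-JSON noise in the stream
        req = rec.get("req") or {}
        res = rec.get("res") or {}
        m = TRIGGER_PATH.match(req.get("url", ""))
        if not m or res.get("statusCode", 0) < 400:
            continue
        hits[(req.get("remoteAddress", "?"), m.group(1))] += 1
    return hits


def suspicious_clients(lines, threshold: int = 5) -> list[tuple[str, str, int]]:
    """(client, flow, count) for clients that repeatedly make one Flow fail."""
    counts = failed_trigger_calls(lines)
    return sorted((ip, flow, n) for (ip, flow), n in counts.items() if n >= threshold)


def body_has_leak_markers(body: str) -> bool:
    """For proxies that log bodies: does an error body look like leaked Flow data?"""
    return LEAK_MARKERS.search(body) is not None


FLOW = "0b7c2c1e-9c2a-4b5f-8f3d-1a2b3c4d5e6f"

# Constructed pino-http style lines: one client hammers a failing condition six
# times, another client calls the same Flow successfully once, plus unrelated noise.
SAMPLE_LOG = [
    json.dumps({"level": 30, "msg": "request completed",
                "req": {"method": "POST", "url": f"/flows/trigger/{FLOW}",
                        "remoteAddress": "203.0.113.7"},
                "res": {"statusCode": 400}})
    for _ in range(6)
] + [
    json.dumps({"level": 30, "msg": "request completed",
                "req": {"method": "POST", "url": f"/flows/trigger/{FLOW}",
                        "remoteAddress": "198.51.100.2"},
                "res": {"statusCode": 200}}),
    json.dumps({"level": 30, "msg": "request completed",
                "req": {"method": "GET", "url": "/items/articles",
                        "remoteAddress": "203.0.113.7"},
                "res": {"statusCode": 403}}),
    "not json at all",
]

# Constructed error bodies: the first resembles leaked Flow data, the second is benign.
LEAKY_BODY = ('{"errors":[{"message":"Validation failed","extensions":'
              '{"$env":{"DB_PASSWORD":"x"},"$accountability":{"user":"..."}}}]}')
CLEAN_BODY = '{"errors":[{"message":"Validation failed","extensions":{"code":"FAILED_VALIDATION"}}]}'

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
    print(body_has_leak_markers(LEAKY_BODY), body_has_leak_markers(CLEAN_BODY))
```

The threshold is deliberately a parameter: a legitimate integration with a bug will also produce repeated validation failures against one Flow, so tune it to your traffic and pair it with the body check where you have bodies, rather than alerting on status codes alone.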

🔗 References

  • GitHub Security Advisory GHSA-fm3h-p9wm-h74h: https://github.com/directus/directus/security/advisories/GHSA-fm3h-p9wm-h74h
  • NVD entry for CVE-2025-30353: https://nvd.nist.gov/vuln/detail/CVE-2025-30353
