CVE-2025-24924 affects GMOD Apollo versions before 2.8.0. According to the CISA advisory, certain functionality can be reached without authentication when passed an administrative username. GMOD’s remediation is to update to version 2.8.0. Because Apollo is covered in a CISA industrial control systems advisory, defenders should treat this as a priority authentication issue and verify exposure in any deplo [truncated]
CVE-2025-23410 is a critical path-traversal weakness in GMOD Apollo’s web upload flow for organism or sequence data. According to CISA’s advisory, Apollo versions before 2.8.0 unzip and inspect supported archive types without checking for traversal in archive paths, so the safest response is to upgrade to 2.8.0 as soon as possible.
CVE-2025-21092 is a medium-severity authorization issue in GMOD Apollo. CISA states that the product does not have sufficient logical or access checks when updating a user's information, which could allow an attacker to escalate privileges for themselves or others. The affected range is GMOD Apollo versions prior to 2.8.0, and the vendor remediation is to update to version 2.8.0.
CVE-2025-20002 affects GMOD Apollo and was published on 2025-03-04. According to the CISA advisory, if a user attempts to upload a file that does not meet prerequisites, Apollo can reveal local path information. The issue is rated medium severity (CVSS 5.3) and is addressed by upgrading to Apollo 2.8.0.
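The check that the CVE-2025-23410 description says is missing, flagging archive members whose paths would leave the extraction directory before anything is unpacked, is shown here as an added Python example; it is not code from Apollo, GMOD or the CISA advisory. The function names, the constructed sample archives, and the choice of zip and tar formats are assumptions, since the page does not list Apollo's supported archive types.

```python
import io
import posixpath
import tarfile
import zipfile

def unsafe_member(name):
    """True if the member name could resolve outside the extraction root."""
    path = name.replace("\\", "/")
    if path.startswith("/") or path[1:2] == ":":
        return True  # absolute POSIX path or Windows drive-letter path
    collapsed = posixpath.normpath(path)  # "a/../../b" -> "../b"
    return collapsed == ".." or collapsed.startswith("../")

def audit_archive(data):
    """Return member names to reject before anything is written to disk."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            return [n for n in zf.namelist() if unsafe_member(n)]
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:
        # Links are rejected too: they can redirect a later write out of the root.
        return [m.name for m in tf.getmembers()
                if unsafe_member(m.name) or m.issym() or m.islnk()]

def constructed_zip(names):
    """Constructed sample input: an in-memory zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, ">constructed\nACGT\n")
    return buf.getvalue()

def constructed_tgz(names):
    """Constructed sample input: an in-memory .tar.gz with the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for n in names:
            info = tarfile.TarInfo(name=n)
            info.size = 5
            tf.addfile(info, io.BytesIO(b"ACGT\n"))
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_archive(constructed_zip(["seq/chr1.fa", "../../outside.fa"])))
    print(audit_archive(constructed_tgz(["genome/a.fa", "genome/../../b.fa"])))
```

An upload handler would reject the whole archive when `audit_archive` returns a non-empty list, rather than skipping the flagged members.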