CVE-2025-65713 Home-Assistant — Exploit & Vulnerability Details MEDIUM

CVE-2025-65713

MEDIUM CVSS 3.1: 4.0 EPSS 0.01%

Parameter	Value
CVSS	4.0 (MEDIUM)
Affected Versions	before 2025.8.0
Fixed In	2025.8.0
Type	CWE-22 (Path Traversal)
Vendor	Home-Assistant
Public PoC	No

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Home-Assistant Home-Assistant cpe:2.3:a:home-assistant:home-assistant::::::::	—	`2025.8.0`

References 2

https://gist.github.com/GenoWang/7359360285e0fe21a7a58d10ff71d032

cve@mitre.org

https://github.com/home-assistant/core/pull/150046

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33045

Home-Assistant

7.3

CVE-2026-33044

Home-Assistant

7.3

Menu

CVE-2025-65713

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-33045

CVE-2026-33044

CVE Details

Editor's Choice

Menu

CVE-2025-65713

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 2

Related Vulnerabilities

CVE-2026-33045

CVE-2026-33044

CVE Details

Editor's Choice

Stay informed on cybersecurity