Every CVE whose affected-product data names Icewhale Casaos, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-37265 — CVSS 9.8 (critical): CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary…
CVE-2023-37266 — CVSS 9.8 (critical): CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require…
CVE-2024-24767 — CVSS 9.1 (critical): CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS…
CVE-2023-37469 — CVSS 8.8 (high): CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully…
CVE-2024-24765 — CVSS 7.5 (high): CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar…
CVE-2025-34171 — CVSS 5.3 (medium): CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive…