published date: July 15, 2025

CVE-2025-53885 : Directus is a real-time...

Description

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template string. Malicious admins can log sensitive data from other users when they are created or updated. Version 11.9.0 contains a fix for the issue. As a workaround, avoid logging sensitive data to the console outside the context of development.

Product(s):

Monospace Directus for Node.js
Monospace Directus 10.10.0 for Node.js
Monospace Directus 10.10.1 for Node.js
Monospace Directus 10.10.2 for Node.js
Monospace Directus 10.10.3 for Node.js
Monospace Directus 10.10.4 for Node.js
Monospace Directus 10.10.5 for Node.js
Monospace Directus 10.10.6 for Node.js
Monospace Directus 10.10.7 for Node.js
Monospace Directus 10.11.0 for Node.js
Monospace Directus 10.11.1 for Node.js
Monospace Directus 10.11.2 for Node.js
Monospace Directus 10.12.0 for Node.js
Monospace Directus 10.12.1 for Node.js
Monospace Directus 10.13.0 for Node.js
Monospace Directus 10.13.1 for Node.js
Monospace Directus 10.13.2 for Node.js
Monospace Directus 10.13.3 for Node.js
Monospace Directus 10.13.4 for Node.js
Monospace Directus 10.3.0 for Node.js
Monospace Directus 10.4.0 for Node.js
Monospace Directus 10.4.2 for Node.js
Monospace Directus 10.4.3 for Node.js
Monospace Directus 10.5.0 for Node.js
Monospace Directus 10.5.1 for Node.js
Monospace Directus 10.5.2 for Node.js
Monospace Directus 10.5.3 for Node.js
Monospace Directus 10.6.1 for Node.js
Monospace Directus 10.6.2 for Node.js
Monospace Directus 10.6.3 for Node.js
Monospace Directus 10.6.4 for Node.js
Monospace Directus 10.7.0 - for Node.js
Monospace Directus 10.7.0 Beta 0 for Node.js
Monospace Directus 10.7.1 for Node.js
Monospace Directus 10.7.2 for Node.js
Monospace Directus 10.8.0 for Node.js
Monospace Directus 10.8.1 for Node.js
Monospace Directus 10.8.2 for Node.js
Monospace Directus 10.8.3 for Node.js
Monospace Directus 10.9.0 for Node.js
Monospace Directus 10.9.1 for Node.js
Monospace Directus 10.9.2 for Node.js
Monospace Directus 10.9.3 for Node.js
Monospace Directus 11.0.0 for Node.js
Monospace Directus 11.0.0 Release Candidate 1 for Node.js
Monospace Directus 11.0.0 Release Candidate 2 for Node.js
Monospace Directus 11.0.0 Release Candidate 3 for Node.js
Monospace Directus 11.0.1 for Node.js
Monospace Directus 11.0.2 for Node.js
Monospace Directus 11.1.0 for Node.js
Monospace Directus 11.1.1 for Node.js
Monospace Directus 11.1.2 for Node.js
Monospace Directus 11.2.0 for Node.js
Monospace Directus 11.2.1 for Node.js
Monospace Directus 11.2.2 for Node.js
Monospace Directus 11.3.0 for Node.js
Monospace Directus 11.3.1 for Node.js
Monospace Directus 11.3.2 for Node.js
Monospace Directus 11.3.3 for Node.js
Monospace Directus 11.3.4 for Node.js
Monospace Directus 11.3.5 for Node.js
Monospace Directus 11.4.0 for Node.js
Monospace Directus 11.4.1 for Node.js
Monospace Directus 11.5.0 for Node.js
Monospace Directus 11.5.1 for Node.js
Monospace Directus 11.6.0 for Node.js
Monospace Directus 11.6.1 for Node.js
Monospace Directus 11.7.0 for Node.js
Monospace Directus 11.7.1 for Node.js
Monospace Directus 11.7.2 for Node.js
Monospace Directus 11.8.0 for Node.js
Monospace Directus 9.0.0 for Node.js
Monospace Directus 9.0.0 Alpha 10 for Node.js
Monospace Directus 9.0.0 Alpha 11 for Node.js
Monospace Directus 9.0.0 Alpha 12 for Node.js
Monospace Directus 9.0.0 Alpha 13 for Node.js
Monospace Directus 9.0.0 Alpha 14 for Node.js
Monospace Directus 9.0.0 Alpha 15 for Node.js
Monospace Directus 9.0.0 Alpha 16 for Node.js
Monospace Directus 9.0.0 Alpha 17 for Node.js
Monospace Directus 9.0.0 Alpha 18 for Node.js
Monospace Directus 9.0.0 Alpha 19 for Node.js
Monospace Directus 9.0.0 Alpha 1 for Node.js
Monospace Directus 9.0.0 Alpha 20 for Node.js
Monospace Directus 9.0.0 Alpha 21 for Node.js
Monospace Directus 9.0.0 Alpha 22 for Node.js
Monospace Directus 9.0.0 Alpha 23 for Node.js
Monospace Directus 9.0.0 Alpha 24 for Node.js
Monospace Directus 9.0.0 Alpha 25 for Node.js
Monospace Directus 9.0.0 Alpha 26 for Node.js
Monospace Directus 9.0.0 Alpha 27 for Node.js
Monospace Directus 9.0.0 Alpha 2 for Node.js
Monospace Directus 9.0.0 Alpha 31 for Node.js
Monospace Directus 9.0.0 Alpha 32 for Node.js
Monospace Directus 9.0.0 Alpha 33 for Node.js
Monospace Directus 9.0.0 Alpha 34 for Node.js
Monospace Directus 9.0.0 Alpha 35 for Node.js
Monospace Directus 9.0.0 Alpha 36 for Node.js
Monospace Directus 9.0.0 Alpha 37 for Node.js
Monospace Directus 9.0.0 Alpha 38 for Node.js
+170 additional

CVSS:4.2 [Critical]
EPSS:0.01%
Exploitability:0.6
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2025-53885, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2025-53885 in your products or services, and how will you communicate updates on this issue to us as your customer?

CVE-2025-53885 : Directus is a real-time...

Description

Product(s):

Question to Ask Vendors:

Recommended Actions:

References:

READY TO GET RESULTS YOU CAN TRUST?