Home

Description

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.

PUBLISHED Reserved 2025-06-26 | Published 2025-08-25 | Updated 2025-08-25 | Assigner rapid7




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

9.0.* (semver)
affected

Credits

Aaron Herndon, Principal Security Consultant, and Marcus Chang, Security Consultant, both of Rapid7. finder

References

www.rapid7.com/...m-multiple-critical-vulnerabilities-fixed/ third-party-advisory

cve.org (CVE-2025-53119)

nvd.nist.gov (CVE-2025-53119)

Download JSON