Description
An authenticated, read-only user can upload a file and use a directory traversal sequence in the file name to have the uploaded file written to a location of their choosing. This can be used to overwrite existing Perl modules within the application, allowing an attacker to achieve remote code execution (RCE).
Problem types
CWE-24 Path Traversal: '../filedir'
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-648 Incorrect Use of Privileged APIs
Product status
8.04
Credits
This vulnerability was discovered by Jim Becher of KoreLogic, Inc.
References
seclists.org/fulldisclosure/2025/Jul/19
korelogic.com/Resources/Advisories/KL-001-2025-016.txt
lpar2rrd.com/note800.php