CVE-2025-66384

Description

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.

PUBLISHED Reserved 2025-11-28 | Published 2025-11-28 | Updated 2025-11-28 | Assigner mitre

Problem types

CWE-684 Incorrect Provision of Specified Functionality

Product status

References

github.com/...ommit/6867f0d3157a1959154bdad9ddac009dec6a19f5

github.com/MISP/MISP/compare/v2.5.23...v2.5.24

cve.org (CVE-2025-66384)

nvd.nist.gov (CVE-2025-66384)

Download JSON