exploitDog

CVE-2025-51056

Опубликовано: 06 авг. 2025

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).

Ссылки

http://bottinelli.com
Broken Link
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vedo_suite_project:vedo_suite:2024.17:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00113

Низкий

8.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-3m7j-r8r9-c4cp

CVSS3: 8.2

github

6 месяцев назад

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).

EPSS

Процентиль: 31%

0.00113

Низкий

8.2 High

CVSS3

Дефекты

CWE-434