exploitDog

CVE-2025-51057

Опубликовано: 06 авг. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

Ссылки

http://bottinelli.com
Broken Link
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit
https://github.com/jacopoaugelli/vedo-suite-exploits
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vedo_suite_project:vedo_suite:2024.17:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-98

Связанные уязвимости

GHSA-73xg-xcp8-j983

CVSS3: 6.5

github

6 месяцев назад

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-98