← Voltar para CVEs
CVE-2025-24891
CRITICAL9.6
Descricao
Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN.
Detalhes CVE
Pontuacao CVSS v3.19.6
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado1/31/2025
Ultima modificacao1/31/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-22CWE-276
Referencias
https://github.com/DumbWareio/DumbDrop/commit/cb586316648ccbfb21d27b84e90d72ccead9819d(security-advisories@github.com)
https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-24f2-fv38-3274(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.