SecBoard
Zurück zur CVE-Übersicht

CVE-2025-51056

HIGH(8.2)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Risk Signal Score21/100 — NIEDRIG
  • CVSS 8.2 — Hoch

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.2

Technische Schwere

Beschreibung

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).

Referenzen