Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-1980

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-16 Apr, 2025 | 12:35
Updated At-16 Apr, 2025 | 14:28
Rejected At-
Credits

Remote Code Execution via Unrestricted File Upload in Ready_

The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:16 Apr, 2025 | 12:35
Updated At:16 Apr, 2025 | 14:28
Rejected At:
▼CVE Numbering Authority (CNA)
Remote Code Execution via Unrestricted File Upload in Ready_

The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information.

Affected Products
Vendor
Symfonia
Product
Ready_
Default Status
unaffected
Versions
Affected
  • From 7.0.0.0 through 7.19.39.23 (semver)
  • From 8.0.0.0 through 8.0.2.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4.09.4CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations

Impacted instances are those whose PHP files stored in public_html/apps/edokumenty/var can be executed. This can be simply checked using the following temporary PHP file: <? echo 'test'; If you see 'test' after navigating to that file in the browser, it means that this instance is misconfigured and allows for the execution of uploaded files.

Workarounds
Exploits
Credits
finder
Maksymilian Kubiak, Sławomir Zakrzewski, Jakub Stankiewicz - Afine Team
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.pl/posts/2025/04/CVE-2025-1980
third-party-advisory
https://cert.pl/en/posts/2025/04/CVE-2025-1980
third-party-advisory
https://ready-os.com/pl/
product
Hyperlink: https://cert.pl/posts/2025/04/CVE-2025-1980
Resource:
third-party-advisory
Hyperlink: https://cert.pl/en/posts/2025/04/CVE-2025-1980
Resource:
third-party-advisory
Hyperlink: https://ready-os.com/pl/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:16 Apr, 2025 | 13:15
Updated At:16 Apr, 2025 | 13:25

The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.4CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Primarycvd@cert.pl
CWE ID: CWE-434
Type: Primary
Source: cvd@cert.pl
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert.pl/en/posts/2025/04/CVE-2025-1980cvd@cert.pl
N/A
https://cert.pl/posts/2025/04/CVE-2025-1980cvd@cert.pl
N/A
https://ready-os.com/pl/cvd@cert.pl
N/A
Hyperlink: https://cert.pl/en/posts/2025/04/CVE-2025-1980
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://cert.pl/posts/2025/04/CVE-2025-1980
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://ready-os.com/pl/
Source: cvd@cert.pl
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-1981
Matching Score-8
Assigner-CERT.PL
ShareView Details
Matching Score-8
Assigner-CERT.PL
CVSS Score-9.4||CRITICAL
EPSS-0.16% / 37.37%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:36
Updated-16 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Injection in Ready_

Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks.

Action-Not Available
Vendor-Symfonia
Product-Ready_
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-25056
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.14% / 34.74%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 16:47
Updated-05 Feb, 2026 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
n8n Arbitrary File Write leading to RCE in n8n Merge Node

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.

Action-Not Available
Vendor-n8n-io
Product-n8n
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-51743
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-3.83% / 87.91%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 20:04
Updated-04 Sep, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Write leading up to remote code execution (instructor accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

Action-Not Available
Vendor-markusprojectMarkUsProjectmarkusproject
Product-markusMarkusmarkus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51499
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-1.68% / 81.89%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 19:52
Updated-04 Sep, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MarkUs Arbitrary File Write leading up to remote code execution (student accounts)

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

Action-Not Available
Vendor-markusprojectMarkUsProject
Product-markusMarkus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54071
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.4||CRITICAL
EPSS-1.21% / 78.70%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 20:09
Updated-22 Jul, 2025 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RomM's authenticated arbitrary file write vulnerability can lead to Remote Code Execution

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the system. The vulnerability permits arbitrary file write operations, allowing attackers to create or modify files at any filesystem location with user-supplied content. A user with viewer role or Scope.ASSETS_WRITE permission or above is required to pass authentication checks. The vulnerability is fixed in version 4.0.0-beta.4.

Action-Not Available
Vendor-rommapp
Product-romm
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-53942
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.4||CRITICAL
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 19:53
Updated-31 Dec, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.

Action-Not Available
Vendor-leefishleefish
Product-file_thingieFile Thingie
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
Details not found