Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-1025
PUBLISHED
More InfoOfficial Page
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
View Known Exploited Vulnerability (KEV) details
Published At-05 Feb, 2025 | 05:00
Updated At-05 Feb, 2025 | 19:27
Rejected At-
▼CVE Numbering Authority (CNA)

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter.

Affected Products
Vendor
n/a
Product
cockpit-hq/cockpit
Versions
Affected
  • From 0 before 2.4.1 (semver)
Problem Types
TypeCWE IDDescription
N/AN/AArbitrary File Upload
Type: N/A
CWE ID: N/A
Description: Arbitrary File Upload
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Chi Siang Choo
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-PHP-COCKPITHQCOCKPIT-8516320
N/A
https://github.com/Cockpit-HQ/Cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592
N/A
https://github.com/Cockpit-HQ/Cockpit/commit/984ef9ad270357b843af63c81db95178eae42cae
N/A
https://gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-PHP-COCKPITHQCOCKPIT-8516320
Resource: N/A
Hyperlink: https://github.com/Cockpit-HQ/Cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592
Resource: N/A
Hyperlink: https://github.com/Cockpit-HQ/Cockpit/commit/984ef9ad270357b843af63c81db95178eae42cae
Resource: N/A
Hyperlink: https://gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af
exploit
Hyperlink: https://gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af
Resource:
exploit
Details not found