CVE-2025-6776 | xiaoyunjie openvpn-cms-flask up to 1.2.7 File Upload controller.py upload image path traversal (Issue 23)

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal.

This vulnerability was named CVE-2025-6776. The attack can be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-6776 | xiaoyunjie openvpn-cms-flask up to 1.2.7 File Upload controller.py upload image path traversal (Issue 23)

Post correlati

CVE-2024-12985 | Overtek OT-E801G OTE801G65.1.1.0 passwd&ipversion=4&sessionKey=test os command injection

CVE-2025-0370 | gn_themes WP Shortcodes Plugin up to 7.3.3 on WordPress cross site scripting

CVE-2025-40629 | PNETLab 4.2.10 HTTP Request path traversal

CVE-2024-30398 | Juniper Junos OS up to 23.2R1-S2 Packet Forwarding Engine memory corruption (JSA79176)