A vulnerability was found in Agora fall23-Alpha1 and classified as critical. This issue affects some unknown processing of the file server/controller/userController.js of the component Profile Picture Handler. The manipulation leads to unrestricted upload.
The identification of this vulnerability is CVE-2025-55135. The attack may be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.