CVE-2025-66384 | MISP up to 2.5.23 EventsController.php tmp_name incorrect provision of specified functionality

Inserito da Angelo Barbosa | Nov 28, 2025 | CVE

A vulnerability labeled as problematic has been found in MISP up to 2.5.23. This affects the function tmp_name of the file app/Controller/EventsController.php. Executing manipulation can lead to incorrect provision of specified functionality.

This vulnerability is tracked as CVE-2025-66384. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2025-66384 | MISP up to 2.5.23 EventsController.php tmp_name incorrect provision of specified functionality

Post correlati

CVE-2024-30193 | Andy Moyle Church Admin Plugin up to 4.1.17 on WordPress cross site scripting

CVE-2023-6527 | Email Subscription Popup Plugin up to 1.2.18 on WordPress cross site scripting

CVE-2025-10965 | LazyAGI LazyLLM up to 0.6.1 server.py lazyllm_call deserialization (Issue 764)

CVE-2025-21348 | Microsoft