CVE-2025-6776 | xiaoyunjie openvpn-cms-flask up to 1.2.7 File Upload controller.py upload image path traversal (Issue 23)

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal.

This vulnerability was named CVE-2025-6776. The attack can be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-6776 | xiaoyunjie openvpn-cms-flask up to 1.2.7 File Upload controller.py upload image path traversal (Issue 23)

Post correlati

CVE-2025-23852 | First Comment Redirect Plugin up to 1.0.3 on WordPress cross site scripting

CVE-2024-44195 | Apple macOS up to 15.0 App information disclosure

CVE-2024-4756 | WP Backpack Plugin up to 2.1 on WordPress cross site scripting

CVE-2024-27497 | Linksys E2000 1.0.06 position.js improper authentication