THREATINT
PUBLISHED

CVE-2025-1025



Description

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload, where an attacker can use a different extension to bypass the upload filter.

Reserved 2025-02-04 | Published 2025-02-05 | Updated 2025-02-05 | Assigner snyk


HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P

Problem types

Arbitrary File Upload

Credits

Chi Siang Choo

References

security.snyk.io/vuln/SNYK-PHP-COCKPITHQCOCKPIT-8516320

github.com/...ommit/becca806c7071ecc732521bb5ad0bb9c64299592

github.com/...ommit/984ef9ad270357b843af63c81db95178eae42cae

gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af

cve.org (CVE-2025-1025)

nvd.nist.gov (CVE-2025-1025)
