CVE-2025-54140.yaml
info:
  name: pyload-ng
  cve: CVE-2025-54140
  summary: pyLoad has a Path Traversal Vulnerability in the json/upload Endpoint that allows Arbitrary File Write.
  details: |
    An authenticated path traversal vulnerability exists in the `/json/upload` endpoint of `pyLoad`.
    By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory,
    allowing them to write arbitrary files to any location on the system accessible to the pyLoad process.
    This can lead to Remote Code Execution (RCE), Local Privilege Escalation, system-wide compromise, and persistence/backdoors.
    The vulnerability stems from a lack of sanitization or validation on `file.filename` in `src/pyload/webui/app/blueprints/json_blueprint.py`,
    allowing traversal via `../../` sequences.
  cvss: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  severity: HIGH
  security_advise: |
    1. Upgrade to pyload-ng version 0.5.0b3.dev90 or later.
    2. Implement strict input validation and sanitization for filenames in the `/json/upload` endpoint to prevent path traversal sequences.
    3. Ensure that the directory where uploaded files are saved is properly secured and has minimal write permissions.
rule: version < "0.5.0b3.dev90"
references:
  - https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg
  - https://nvd.nist.gov/vuln/detail/CVE-2025-54140
  - https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0
  - https://github.com/pyload/pyload
  - https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109