CVE-2025-54802

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
https://github.com/pyload/pyload/pull/4596
https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264
https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

Configurations

No configuration.

History

05 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264 -~~	() https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264 -

05 Aug 2025, 14:34

Type	Values Removed	Values Added
Summary		(es) pyLoad es un gestor de descargas gratuito y de código abierto escrito en Python puro. En las versiones 0.5.0b3.dev89 y anteriores, existe la posibilidad de path traversal en el CNL Blueprint de pyLoad-ng mediante el parámetro "paquete", lo que permite la escritura arbitraria de archivos y la ejecución remota de código (RCE). El endpoint addcrypted de pyload-ng presenta una vulnerabilidad de construcción de rutas inseguras, que permite a atacantes no autenticados escribir archivos arbitrarios fuera del directorio de almacenamiento designado. Esto puede utilizarse para sobrescribir archivos críticos del sistema, como tareas cron y servicios systemd, lo que provoca la escalada de privilegios y la ejecución remota de código como root. Este problema se solucionó en la versión 0.5.0b3.dev90.

05 Aug 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 01:15

Updated : 2025-08-05 15:15

NVD link : CVE-2025-54802

Mitre link : CVE-2025-54802

CVE.ORG link : CVE-2025-54802

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.8 /10