CVE-2025-67077

High CVSS: 8.8

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

Vendor

Agora-project

Product

Agora-project

CWE

CWE-434

Yayın Tarihi

2026-01-15 16:16:11

Güncelleme

2026-01-21 14:45:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Agora-project HIGH Agora-project 2026

Referanslar

https://www.agora-project.net https://www.helx.io/blog/advisory-agora-project/

Benzer Kayıtlar

High

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read fil…

Medium

CVE-2025-67078

Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary…

Critical

CVE-2025-67079

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL eng…