{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54802", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-29T16:50:28.395Z", "datePublished": "2025-08-05T00:06:48.834Z", "dateUpdated": "2025-08-05T14:29:43.201Z"}, "containers": {"cna": {"title": "pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264"}, {"name": "https://github.com/pyload/pyload/pull/4596", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyload/pyload/pull/4596"}, {"name": "https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4", "tags": ["x_refsource_MISC"], "url": "https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4"}], "affected": [{"vendor": "pyload", "product": "pyload", "versions": [{"version": ">= 0.5.0b3.dev89, < 0.5.0b3.dev90", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-05T00:06:48.834Z"}, "descriptions": [{"lang": "en", "value": "pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90."}], "source": {"advisory": "GHSA-48rp-jc79-2264", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-05T14:29:40.016514Z", "id": "CVE-2025-54802", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T14:29:43.201Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54802", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-05T14:29:40.016514Z"}}}], "references": [{"url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T14:29:26.654Z"}}], "cna": {"title": "pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)", "source": {"advisory": "GHSA-48rp-jc79-2264", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pyload", "product": "pyload", "versions": [{"status": "affected", "version": ">= 0.5.0b3.dev89, < 0.5.0b3.dev90"}]}], "references": [{"url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264", "name": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pyload/pyload/pull/4596", "name": "https://github.com/pyload/pyload/pull/4596", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4", "name": "https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-05T00:06:48.834Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54802", "state": "PUBLISHED", "dateUpdated": "2025-08-05T14:29:43.201Z", "dateReserved": "2025-07-29T16:50:28.395Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-05T00:06:48.834Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90."}, {"lang": "es", "value": "pyLoad es un gestor de descargas gratuito y de c\u00f3digo abierto escrito en Python puro. En las versiones 0.5.0b3.dev89 y anteriores, existe la posibilidad de path traversal en el CNL Blueprint de pyLoad-ng mediante el par\u00e1metro \"paquete\", lo que permite la escritura arbitraria de archivos y la ejecuci\u00f3n remota de c\u00f3digo (RCE). El endpoint addcrypted de pyload-ng presenta una vulnerabilidad de construcci\u00f3n de rutas inseguras, que permite a atacantes no autenticados escribir archivos arbitrarios fuera del directorio de almacenamiento designado. Esto puede utilizarse para sobrescribir archivos cr\u00edticos del sistema, como tareas cron y servicios systemd, lo que provoca la escalada de privilegios y la ejecuci\u00f3n remota de c\u00f3digo como root. Este problema se solucion\u00f3 en la versi\u00f3n 0.5.0b3.dev90."}], "id": "CVE-2025-54802", "lastModified": "2025-08-05T15:15:31.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-05T01:15:42.240", "references": [{"source": "[email protected]", "url": "https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4"}, {"source": "[email protected]", "url": "https://github.com/pyload/pyload/pull/4596"}, {"source": "[email protected]", "url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Secondary"}]}

{}