{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6776", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-27T11:03:00.846Z", "datePublished": "2025-06-27T20:00:22.320Z", "dateUpdated": "2025-06-27T20:11:41.582Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T20:00:22.320Z"}, "title": "xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "xiaoyunjie", "product": "openvpn-cms-flask", "versions": [{"version": "1.2.0", "status": "affected"}, {"version": "1.2.1", "status": "affected"}, {"version": "1.2.2", "status": "affected"}, {"version": "1.2.3", "status": "affected"}, {"version": "1.2.4", "status": "affected"}, {"version": "1.2.5", "status": "affected"}, {"version": "1.2.6", "status": "affected"}, {"version": "1.2.7", "status": "affected"}, {"version": "1.2.8", "status": "unaffected"}], "modules": ["File Upload"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In xiaoyunjie openvpn-cms-flask bis 1.2.7 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion Upload der Datei app/plugins/oss/app/controller.py der Komponente File Upload. Durch das Beeinflussen des Arguments image mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-06-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-27T13:08:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Tritium (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314092", "name": "VDB-314092 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314092", "name": "VDB-314092 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602374", "name": "Submit #602374 | xiaoyunjie openvpn-cms-flask 1.2.7 Arbitrary File Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", "tags": ["patch"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-27T20:11:29.421512Z", "id": "CVE-2025-6776", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T20:11:41.582Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6776", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-27T20:11:29.421512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T20:11:33.640Z"}}], "cna": {"title": "xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "Tritium (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "xiaoyunjie", "modules": ["File Upload"], "product": "openvpn-cms-flask", "versions": [{"status": "affected", "version": "1.2.0"}, {"status": "affected", "version": "1.2.1"}, {"status": "affected", "version": "1.2.2"}, {"status": "affected", "version": "1.2.3"}, {"status": "affected", "version": "1.2.4"}, {"status": "affected", "version": "1.2.5"}, {"status": "affected", "version": "1.2.6"}, {"status": "affected", "version": "1.2.7"}, {"status": "unaffected", "version": "1.2.8"}]}], "timeline": [{"lang": "en", "time": "2025-06-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-27T13:08:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.314092", "name": "VDB-314092 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314092", "name": "VDB-314092 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.602374", "name": "Submit #602374 | xiaoyunjie openvpn-cms-flask 1.2.7 Arbitrary File Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6", "tags": ["patch"]}, {"url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In xiaoyunjie openvpn-cms-flask bis 1.2.7 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion Upload der Datei app/plugins/oss/app/controller.py der Komponente File Upload. Durch das Beeinflussen des Arguments image mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.2.8 vermag dieses Problem zu l\u00f6sen. Der Patch wird als e23559b98c8ea2957f09978c29f4e512ba789eb6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T20:00:22.320Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6776", "state": "PUBLISHED", "dateUpdated": "2025-06-27T20:11:41.582Z", "dateReserved": "2025-06-27T11:03:00.846Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-27T20:00:22.320Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xiaoyunjie:openvpn-cms-flask:*:*:*:*:*:*:*:*", "matchCriteriaId": "F806EABF-F59C-4121-ABC8-01CE68B82C38", "versionEndExcluding": "1.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en xiaoyunjie openvpn-cms-flask hasta la versi\u00f3n 1.2.7. Esta vulnerabilidad afecta la funci\u00f3n \"Upload\" del archivo app/plugins/oss/app/controller.py del componente \"File Upload\". La manipulaci\u00f3n del argumento \"image\" provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.2.8 soluciona este problema. El parche se llama e23559b98c8ea2957f09978c29f4e512ba789eb6. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-6776", "lastModified": "2026-01-30T00:40:56.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-27T20:15:35.990", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/commit/e23559b98c8ea2957f09978c29f4e512ba789eb6"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/issues/23"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://github.com/xiaoyunjie/openvpn-cms-flask/releases/tag/v1.2.8"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.314092"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.314092"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.602374"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal", "id": "2375281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375281"}, "csaw": false, "cwe": "CWE-22", "details": ["A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The name of the patch is e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component."], "name": "CVE-2025-6776", "public_date": "2025-06-27T20:00:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6776"], "threat_severity": "Important"}

{}