CVE-2025-54082
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| marshmallow-packages | nova-tiptap | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54082 is a critical vulnerability in the marshmallow-packages/nova-tiptap Laravel Nova package prior to version 5.7.0. It allows unauthenticated users to upload arbitrary files to any Laravel disk configured in the application because the /nova-tiptap/api/file upload endpoint lacks authentication middleware and file validation. Attackers can craft a POST request with a valid CSRF token to upload malicious or executable files (like .php scripts) to publicly accessible storage disks such as local, public, or S3. This can lead to remote code execution (RCE) or unauthorized distribution of malicious files. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized file uploads by unauthenticated attackers, potentially leading to remote code execution (RCE) if malicious files are uploaded to publicly accessible storage. This can compromise the server, allowing attackers to execute arbitrary code, distribute malware, or gain further access to the system. It poses a critical security risk to applications using vulnerable versions of nova-tiptap. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the /nova-tiptap/api/file upload endpoint, especially those that include a valid CSRF token but come from unauthenticated sources. You can use network monitoring tools or web server logs to identify such requests. For example, using command-line tools like curl to test the endpoint for unauthenticated file upload attempts: curl -X POST -F '[email protected]' -F 'disk=public' -b 'csrf_token=valid_token' https://yourdomain.com/nova-tiptap/api/file. Additionally, checking web server access logs for POST requests to /nova-tiptap/api/file from unknown or unauthenticated IPs can help detect exploitation attempts. [1]
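The access-log check described in the answer above, as an added example that is neither BaseFortify's nor the nova-tiptap project's code: it parses constructed sample log lines, groups POST requests to /nova-tiptap/api/file by client IP, separates accepted (2xx) from rejected uploads, and records any later GET of a PHP-style path under /storage/ from the same client, the pattern that follows a successful upload to the public disk. It assumes the web server writes the Apache/nginx combined log format and that the Laravel public disk is served under /storage/.

```python
import re
from collections import defaultdict

# Assumption: Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
UPLOAD_PATH = "/nova-tiptap/api/file"
# Assumption: the Laravel public disk is exposed under /storage/.
PUBLIC_DISK_PREFIX = "/storage/"
SCRIPT_EXT = re.compile(r"\.(php|phtml|phar)$", re.IGNORECASE)

# Constructed sample log lines; the IPs are documentation ranges, not real clients.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jul/2025:10:00:01 +0000] "GET /nova HTTP/1.1" 200 1234
203.0.113.5 - - [21/Jul/2025:10:00:03 +0000] "POST /nova-tiptap/api/file HTTP/1.1" 200 87
203.0.113.5 - - [21/Jul/2025:10:00:04 +0000] "GET /storage/abc123.php HTTP/1.1" 200 512
198.51.100.7 - - [21/Jul/2025:10:01:00 +0000] "POST /nova-tiptap/api/file HTTP/1.1" 403 0
198.51.100.7 - - [21/Jul/2025:10:01:02 +0000] "POST /nova-tiptap/api/file?disk=public HTTP/1.1" 200 90
192.0.2.9 - - [21/Jul/2025:10:02:00 +0000] "GET /storage/photo.jpg HTTP/1.1" 200 20480
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_upload_activity(log_text):
    """Per client IP: counts of accepted/rejected POSTs to the upload endpoint and
    any later GET of a script-like path under the public disk by the same client."""
    findings = defaultdict(lambda: {"accepted_uploads": 0, "rejected_uploads": 0, "script_fetches": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore the query string (e.g. ?disk=public)
        ip = rec["ip"]
        if rec["method"] == "POST" and path == UPLOAD_PATH:
            key = "accepted_uploads" if rec["status"].startswith("2") else "rejected_uploads"
            findings[ip][key] += 1
        elif rec["method"] == "GET" and path.startswith(PUBLIC_DISK_PREFIX) and SCRIPT_EXT.search(path):
            if findings[ip]["accepted_uploads"]:  # only meaningful after an accepted upload
                findings[ip]["script_fetches"].append(path)
    # Keep only clients that actually hit the upload endpoint.
    return {ip: f for ip, f in findings.items() if f["accepted_uploads"] or f["rejected_uploads"]}


if __name__ == "__main__":
    for ip, f in find_upload_activity(SAMPLE_LOG).items():
        print(ip, f)
```

Access logs do not record whether the session was authenticated, so an accepted upload from a client with no prior Nova login activity is the case to examine first.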
What immediate steps should I take to mitigate this vulnerability?
Immediately upgrade the marshmallow-packages/nova-tiptap package to version 5.7.0 or later, which includes critical security patches enforcing authentication and file validation. After upgrading, ensure that authentication middleware (Nova and Nova.Auth) is properly configured on the /nova-tiptap/api/file endpoint. Configure allowed file types to exclude executable files and restrict uploads to approved storage disks only. Enforce file size limits and strict MIME type checking as per the updated configuration. Review and adjust settings in config/nova-tiptap.php accordingly. If urgent, consider rolling back to version 5.6.0 only as a temporary measure, understanding it leaves the system vulnerable. [2]