CVE-2025-7346
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-08
Assigner: Toreon
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-281 | The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7346 is a vulnerability in the pyload-ng package where an unauthenticated attacker can bypass the application's localhost-only restriction by setting the HTTP Host header so that the request appears to originate from localhost. This grants access to endpoints that are meant to be reachable only locally, such as /flash/add, which lets the attacker create arbitrary packages without authenticating. The root cause is that the access check decides based on REMOTE_ADDR (the peer address as reported by the web server) and HTTP_HOST (the client-supplied Host header, which the server copies into the request environment); in effect a request passes if either value matches a localhost entry. Because the Host header is entirely under the client's control, a remote request that carries a localhost Host value such as 127.0.0.1:9666 satisfies the check even though the TCP connection comes from elsewhere. [1]
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated attacker to perform an action reserved for local callers, specifically creating arbitrary packages within the application. Any remote party who can reach the service can therefore inject content into the download queue, which compromises the integrity of the application's data and can serve as a foothold for further manipulation of the pyload environment. Since no authentication is required and the attack complexity is low (a single HTTP request with one modified header), it poses a significant security risk for any instance exposed beyond the loopback interface. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the affected application for Host header values that claim to be local while the request itself arrives from a non-loopback source address: in particular, requests to endpoints like /flash/add whose Host header is set to '127.0.0.1:9666' or another localhost alias (localhost, ::1) but whose TCP peer is a remote address. Note that the default access-log formats of common web servers do not record the Host header, so you will usually need either an extended log format that includes it or a packet capture. To actively test an instance you own, send a request with a spoofed Host header and inspect the response with curl: curl -H 'Host: 127.0.0.1:9666' http://target/flash/add -v. If the server serves the endpoint rather than denying the request, the instance is exposed. For passive detection, tcpdump or Wireshark can capture the HTTP traffic so that the Host header of each request can be compared against the source address of the connection that carried it. [1]
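The detection logic described above, as an added example that is not part of the original page and not pyload-ng's own code. It takes (source address, raw HTTP request) pairs, as you would extract them from a capture, and flags every request from a non-loopback peer whose Host header names loopback and whose path is on a sensitive list. The traffic below is constructed for the example; the sensitive-path list contains only /flash/add because that is the endpoint named in the advisory, and the 203.0.113.x / 198.51.100.x addresses are documentation ranges standing in for real clients.

```python
"""Flag HTTP requests whose Host header claims loopback while the TCP peer is remote.

Added example for CVE-2025-7346; not code from the advisory or from pyload-ng.
"""

import ipaddress
from dataclasses import dataclass

# Endpoint named in the advisory. Extend this with other localhost-only paths
# once you have confirmed them for your deployment (assumption: only this one).
SENSITIVE_PATHS = ("/flash/add",)
# Hostnames that are conventionally bound to the loopback interface.
LOOPBACK_HOSTNAMES = {"localhost"}


@dataclass
class Finding:
    src_ip: str
    host_header: str
    path: str


def peer_is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback (::ffff:127.0.0.1)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback


def host_is_loopback(host_header: str) -> bool:
    """True if a Host header value names loopback, with or without a port.

    Handles '127.0.0.1:9666', 'localhost', '[::1]:9666' and bare '::1'.
    """
    h = host_header.strip().lower()
    if h.startswith("["):                       # bracketed IPv6 literal, maybe with port
        h = h[1:h.find("]")] if "]" in h else h[1:]
    elif h.count(":") == 1:                     # host:port for IPv4 or a hostname
        h = h.split(":", 1)[0]
    if h in LOOPBACK_HOSTNAMES:
        return True
    try:
        return ipaddress.ip_address(h).is_loopback
    except ValueError:                          # not an IP literal at all
        return False


def parse_request(raw: bytes):
    """Return (method, path, headers) from the head of a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def scan(requests):
    """requests: iterable of (src_ip, raw_request_bytes).

    Returns a Finding for every request that (a) comes from a non-loopback peer,
    (b) carries a Host header naming loopback, and (c) targets a sensitive path.
    """
    findings = []
    for src_ip, raw in requests:
        _method, path, headers = parse_request(raw)
        host = headers.get("host", "")
        if (not peer_is_loopback(src_ip)
                and host_is_loopback(host)
                and path.split("?", 1)[0] in SENSITIVE_PATHS):
            findings.append(Finding(src_ip, host, path))
    return findings


# Constructed sample traffic: only the second and third entries should be flagged.
SAMPLE_TRAFFIC = [
    ("127.0.0.1",   b"GET /flash/add HTTP/1.1\r\nHost: 127.0.0.1:9666\r\n\r\n"),   # genuine local
    ("203.0.113.7", b"GET /flash/add?x=1 HTTP/1.1\r\nHost: 127.0.0.1:9666\r\nUser-Agent: curl/8.0.1\r\n\r\n"),
    ("203.0.113.7", b"GET /flash/add HTTP/1.1\r\nHost: localhost\r\n\r\n"),
    ("203.0.113.9", b"GET /login HTTP/1.1\r\nHost: 127.0.0.1:9666\r\n\r\n"),       # not a sensitive path
    ("198.51.100.4", b"GET /flash/add HTTP/1.1\r\nHost: pyload.example.internal:8000\r\n\r\n"),  # honest Host
]


if __name__ == "__main__":
    for f in scan(SAMPLE_TRAFFIC):
        print(f"ALERT peer={f.src_ip} host={f.host_header!r} path={f.path}")
```

If the application sits behind a reverse proxy, the peer address seen by the capture point is the proxy's, so run this against traffic on the proxy's client-facing side (or substitute the proxy's trusted forwarded-address field) rather than on the hop between proxy and pyload.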
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the localhost check in the application middleware so that it relies only on the peer address of the connection and never on the client-supplied Host header, implementing proper authentication and authorization checks on sensitive endpoints like /flash/add, and monitoring for requests that attempt to bypass the localhost restriction. Since no patched versions were available at the time of publication, apply network-level controls in the meantime: bind the service to the loopback interface where possible, or use firewall rules to limit access to the affected service to trusted sources only. If pyload-ng runs behind a reverse proxy, remember that the application sees the proxy as its peer, so the restriction must be enforced at the proxy rather than by any address check inside the application. [1]
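The weak check described in the explanation above next to the hardened form recommended in the mitigation, as an added example that is not the advisory's or pyload-ng's own code. Both functions take a WSGI-style environ dictionary, which is where a Python web framework exposes REMOTE_ADDR and HTTP_HOST; the loopback address and Host lists, the port 9666 taken from the curl example, and the two constructed requests are assumptions for the illustration.

```python
"""A localhost-only guard that trusts the Host header, beside one that does not.

Added example for CVE-2025-7346; not code from the advisory or from pyload-ng.
"""

from typing import Mapping

# Loopback peers as a WSGI server reports them in REMOTE_ADDR (assumed list).
LOOPBACK_PEERS = frozenset({"127.0.0.1", "::1", "::ffff:127.0.0.1"})
# Host values the weak guard treats as local; 9666 is the port from the
# advisory's curl example (assumption: the service listens there).
LOOPBACK_HOSTS = frozenset({"127.0.0.1:9666", "localhost:9666", "[::1]:9666"})


def weak_local_check(environ: Mapping[str, str]) -> bool:
    """Vulnerable pattern (CWE-281 style): allow if EITHER the peer address OR
    the Host header looks local. HTTP_HOST is copied verbatim from the client's
    Host header, so any remote client passes by sending a loopback Host value."""
    peer = environ.get("REMOTE_ADDR", "")
    host = environ.get("HTTP_HOST", "")
    return peer in LOOPBACK_PEERS or host in LOOPBACK_HOSTS


def strict_local_check(environ: Mapping[str, str]) -> bool:
    """Hardened pattern: decide on the transport-level peer address only.
    Nothing the client can write into the request (Host, X-Forwarded-For, ...)
    is consulted. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so
    the restriction then belongs at the proxy; it must never fall back to Host."""
    return environ.get("REMOTE_ADDR", "") in LOOPBACK_PEERS


def make_environ(remote_addr: str, host: str, path: str = "/flash/add") -> dict:
    """Minimal WSGI environ as a server would hand it to the application."""
    return {"REMOTE_ADDR": remote_addr, "HTTP_HOST": host, "PATH_INFO": path}


# Constructed requests: a genuine local call and a remote call that spoofs Host.
LOCAL_REQUEST = make_environ("127.0.0.1", "127.0.0.1:9666")
SPOOFED_REQUEST = make_environ("203.0.113.7", "127.0.0.1:9666")


def demo() -> dict:
    """Run both checks on both requests; only the weak check lets the spoof in."""
    return {
        "weak_local": weak_local_check(LOCAL_REQUEST),
        "weak_spoofed": weak_local_check(SPOOFED_REQUEST),
        "strict_local": strict_local_check(LOCAL_REQUEST),
        "strict_spoofed": strict_local_check(SPOOFED_REQUEST),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The address-only check is a stopgap for the localhost restriction itself; the endpoint should additionally require the application's normal authentication, since a reverse proxy or a malicious local process can still satisfy a peer-address check.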