CVE-2025-55383
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: MITRE
Description
Description
Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deep-project | moss | 0.1.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Moss before version 0.15, where the file upload function is improperly configured. It allows attackers to upload files with any extension to any location on the target server, potentially leading to unauthorized file placement.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can upload malicious files anywhere on the server, which may lead to data compromise, unauthorized access, or disruption of services. This can result in confidentiality, integrity, and availability impacts on the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70