CVE-2025-55743
BaseFortify

Publication date: 2025-08-21

Last updated on: 2025-08-22

Assigner: GitHub, Inc.

Description
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload in the user creation feature performs only client-side file type validation. A user can upload an image, capture the request through a proxy such as Burp Suite, and change the file extension and content. The vulnerability is fixed in 0.2.1.
Meta Information
Published: 2025-08-21
Last Modified: 2025-08-22
Generated: 2026-06-16
AI Q&A: 2025-08-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: webkul
Product: unopim
Version / Range: to 0.2.1 (exc)
CWE ID: CWE-434
Description: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Executive Summary

The vulnerability in UnoPim before version 0.2.1 involves the image upload feature during user creation, which only performs client-side file type validation. An attacker can intercept the upload request using a proxy tool like Burp Suite, modify the file extension and content, and bypass the intended file type restrictions. This allows potentially malicious files to be uploaded.

Impact Analysis

This vulnerability can allow an attacker to upload malicious files disguised as images, potentially leading to unauthorized code execution, data compromise, or system instability within the UnoPim application environment.

Mitigation Strategies

Upgrade UnoPim to version 0.2.1 or later, as this version fixes the vulnerability by addressing the insufficient server-side validation of uploaded image files.
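
The kind of server-side check that client-side-only validation leaves out, as an added example in plain PHP. It is not UnoPim's code or its 0.2.1 patch; the function name `storedImageName`, the allowlist, the size limit and the sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: server-detected MIME type => extension the server assigns.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Hypothetical helper (not part of UnoPim or Laravel): validates an upload
// from its bytes and returns a server-chosen storage name, or throws.
function storedImageName(string $tmpPath, int $maxBytes = 2097152): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new InvalidArgumentException('file is empty or too large');
    }
    // Detect the type from content. The client's filename and Content-Type
    // can be edited in transit, so neither is consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new InvalidArgumentException('content is not an allowed image type');
    }
    // The file must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        throw new InvalidArgumentException('image header does not parse');
    }
    // Random base name, extension taken from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 GIF, and a text file sent as "avatar.png".
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

echo storedImageName($gif), PHP_EOL;
try {
    storedImageName($txt);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
unlink($gif);
unlink($txt);
```

Storing accepted files outside the web root, or in a location where the server does not execute scripts, limits the impact of any file that still gets past validation.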
