CVE-2025-57751
BaseFortify

Publication date: 2025-08-21

Last updated on: 2025-08-22

Assigner: GitHub, Inc.

Description
pyLoad is the free and open-source Download Manager written in pure Python. The pyLoad CNL Blueprint receives the jk parameter and, because it is not validated, passes the user-supplied value directly to dukpy.evaljs(), resulting in the server CPU being fully occupied and the web UI becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92.
Meta Information
Published: 2025-08-21
Last Modified: 2025-08-22
Generated: 2026-05-06
AI Q&A: 2025-08-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: pyload
Product: pyload
Version / Range: *
CWE
CWE ID: CWE-400
Description: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in pyLoad occurs because the 'jk' parameter in the pyLoad CNL Blueprint is not properly verified. The input provided by the user for the 'jk' parameter is directly evaluated using dukpy.evaljs(), which can cause the server's CPU to become fully occupied and the web user interface to become unresponsive.


How can this vulnerability impact me?

The vulnerability can cause a denial of service condition by fully occupying the server CPU and making the web user interface unresponsive. This can disrupt normal operations and prevent users from accessing or managing downloads through the pyLoad interface.


What immediate steps should I take to mitigate this vulnerability?

Upgrade pyLoad to version 0.5.0b3.dev92 or later, where this vulnerability is fixed.

