CVE-2025-54307
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-16

Assigner: MITRE

Description
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-16
Generated
2026-05-07
AI Q&A
2025-12-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-54307
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
thermofisher torrent_suite_software 5.18.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Thermo Fisher Torrent Suite Django application 5.18.1, where certain endpoints allow low-privilege users to upload ZIP files without proper sanitization of the filename. The application uses the filename or a name parameter to construct the destination file path, but does not properly sanitize these inputs, leading to a path traversal vulnerability. This allows an authenticated attacker to write arbitrary files to the server, potentially overwriting executable files and enabling remote code execution.


How can this vulnerability impact me? :

An attacker who is authenticated and has network access can exploit this vulnerability to upload malicious files to the server, overwrite critical executable files, and execute arbitrary code remotely. This can lead to full compromise of the server, unauthorized access to sensitive data, disruption of services, and potential further attacks within the network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart