CVE-2025-63414
Path Traversal in Allsky WebUI Enables Remote Code Execution
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| allsky | webui | * |
| allsky | webui | v2024.12.06_06 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-63414 is a critical Remote Code Execution (RCE) vulnerability in the Allsky WebUI project. It occurs due to improper input validation and insecure command execution in the execute.php script. An unauthenticated remote attacker can send a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter. The vulnerability arises because the id parameter is used to construct system commands without proper sanitization, allowing attackers to execute arbitrary commands on the underlying operating system. This leads to full remote code execution under the privileges of a high-privilege user. [2]
How can this vulnerability impact me?
This vulnerability can lead to full remote code execution on the affected system, allowing an attacker to run arbitrary commands with high privileges. This compromises the confidentiality, integrity, and availability of both the Allsky WebUI application and the underlying operating system. An attacker could potentially take complete control of the system, access sensitive data, modify or delete files, and disrupt services. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring HTTP requests to the /html/execute.php endpoint for suspicious or crafted requests containing the id parameter with commands such as 'allsky-config whoami' or 'allsky-config cat /etc/passwd'. For example, using curl to test if the endpoint executes commands: curl 'http://[TARGET-IP]/html/execute.php?id=allsky-config%20whoami'. Additionally, inspecting web server logs for unusual requests to /html/execute.php with the id parameter containing command-like strings can help detect exploitation attempts. [2]
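The log review described above, as an added example that is not part of this advisory or the Allsky project: a small PHP scanner that walks access-log lines in the common "combined" format (an assumption about the web server's log layout), keeps only requests to /html/execute.php, percent-decodes the id parameter and flags values that carry whitespace, shell metacharacters or a path separator. The log lines are constructed for the demonstration; the client addresses, timestamps and user agents in them are made up.

```php
<?php
// Added example (not from the advisory or the Allsky project): flag access-log
// entries that request /html/execute.php with a command-like "id" value.
// SAMPLE_LOG is constructed; the "combined" log format is an assumption.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
192.0.2.10 - - [16/Dec/2025:10:01:02 +0000] "GET /html/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Dec/2025:10:01:09 +0000] "GET /html/execute.php?id=allsky-config%20whoami HTTP/1.1" 200 31 "-" "curl/8.5.0"
192.0.2.44 - - [16/Dec/2025:10:01:15 +0000] "GET /html/execute.php?id=status HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Dec/2025:10:02:40 +0000] "POST /html/execute.php?id=allsky-config%20cat%20/etc/passwd HTTP/1.1" 200 1903 "-" "python-requests/2.32"
LOG;

/**
 * Return one record per suspicious request: ip, time, method, status,
 * decoded id and the reasons it was flagged. A request is suspicious when
 * the decoded id contains whitespace, a shell metacharacter or a "/".
 */
function findSuspiciousExecuteRequests(string $log): array
{
    $hits = [];
    // client, ident, user, [time], "METHOD target protocol", status
    $pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3})/';
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue;   // not a combined-format line; skip it
        }
        [, $ip, $time, $method, $target, $status] = $m;
        $url = parse_url($target);
        if (!is_array($url) || ($url['path'] ?? '') !== '/html/execute.php' || empty($url['query'])) {
            continue;   // only the vulnerable endpoint, and only with a query string
        }
        parse_str($url['query'], $params);   // parse_str() percent-decodes the values
        $id = (string)($params['id'] ?? '');
        if ($id === '') {
            continue;
        }
        $reasons = [];
        if (preg_match('/\s/', $id))            $reasons[] = 'whitespace in id';
        if (preg_match('/[;|&`$<>(){}]/', $id)) $reasons[] = 'shell metacharacter';
        if (str_contains($id, '/'))             $reasons[] = 'path separator';
        if ($reasons !== []) {
            $hits[] = ['ip' => $ip, 'time' => $time, 'method' => $method,
                       'status' => (int)$status, 'id' => $id, 'reasons' => $reasons];
        }
    }
    return $hits;
}

// Two of the four constructed lines are reported; the plain "id=status" request is not.
foreach (findSuspiciousExecuteRequests(SAMPLE_LOG) as $hit) {
    printf("%s %s %s id=%s (%s)\n", $hit['time'], $hit['ip'], $hit['method'],
           var_export($hit['id'], true), implode(', ', $hit['reasons']));
}
```

The scanner decodes the query before matching, so a percent-encoded space or semicolon is caught the same way as a literal one; a server-side pattern that only inspected the raw request line would miss that. A single flagged request with a 200 status is worth treating as a probable successful execution rather than a mere probe, since the endpoint answers unauthenticated requests.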
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implementing a strict whitelist of allowed commands to prevent arbitrary command execution. 2) Replacing the use of escapeshellcmd() with escapeshellarg() to properly escape command arguments. 3) Restricting sudo privileges to minimize the scope of commands that can be executed by the ALLSKY_OWNER user. 4) Employing defense-in-depth strategies such as additional input validation and access control to limit access to the vulnerable endpoint. Until a patch is applied, consider restricting access to the /html/execute.php endpoint to trusted users only. [2]
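Steps 1 and 2 above, worked through as an added example that is not Allsky's execute.php: a fixed table of permitted commands, each mapped to a hard-coded executable, with every argument validated against a strict token pattern and then quoted individually with escapeshellarg(). The command names, binary paths and the whole weakCommand() sketch are assumptions used only to contrast the two escaping functions.

```php
<?php
// Added example (not Allsky's code): an allow-list wrapper for a "run this
// command" endpoint. Command names, paths and weakCommand() are assumptions.
declare(strict_types=1);

// Only these subcommands may run, each mapped to a fixed argv prefix.
const ALLOWED_COMMANDS = [
    'status'  => ['/usr/local/bin/allsky-status'],   // hypothetical binary
    'restart' => ['/usr/local/bin/allsky-restart'],  // hypothetical binary
];

/**
 * Build a shell-safe command line from an untrusted "id" value.
 * Returns null when the request is not covered by the allow-list.
 */
function buildCommand(string $id): ?string
{
    // First whitespace-separated token names the command, the rest are arguments.
    $parts = preg_split('/\s+/', trim($id), -1, PREG_SPLIT_NO_EMPTY);
    if ($parts === false || $parts === []) {
        return null;
    }
    $name = array_shift($parts);
    if (!array_key_exists($name, ALLOWED_COMMANDS)) {
        return null;   // unknown command: refuse rather than try to escape it
    }
    // Every argument must match a strict token pattern before it is even quoted.
    foreach ($parts as $arg) {
        if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $arg)) {
            return null;
        }
    }
    // escapeshellarg() quotes each argument on its own, so spaces and
    // metacharacters cannot split one argument into several or start a new command.
    $argv = array_merge(ALLOWED_COMMANDS[$name], $parts);
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Weak pattern the advisory describes, shown only for contrast: escapeshellcmd()
// on the whole string neutralises ";" and "|" chaining but leaves spaces alone,
// so the request still chooses which program runs and with which arguments.
function weakCommand(string $id): string
{
    return escapeshellcmd($id);
}

// Demonstration on constructed inputs; nothing is executed here.
foreach (['status', 'status camera1', 'allsky-config whoami', 'status; id'] as $input) {
    printf("%-24s hardened: %-45s weak: %s\n",
           var_export($input, true),
           buildCommand($input) ?? 'REJECTED',
           weakCommand($input));
}
```

The hardened path refuses anything outside the table instead of trying to clean it, which is the property step 1 asks for; step 2 is the per-argument escapeshellarg() call, which only matters once the program itself is no longer chosen by the request. Step 3 (limiting what the ALLSKY_OWNER account may run through sudo) belongs in the sudoers policy and is not something PHP can enforce on its own.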
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the underlying operating system, leading to full remote code execution and complete compromise of confidentiality, integrity, and availability of the application and system. Such a compromise can result in unauthorized access to sensitive data, disruption of services, and potential data breaches, which would negatively impact compliance with common standards and regulations like GDPR and HIPAA that require protection of personal and sensitive information and maintaining system integrity and availability. [2]