CVE-2025-67728
Unknown Unknown - Not Provided
Command Injection and Path Traversal in Fireshare Uploads

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: GitHub, Inc.

Description
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a shell command, which can be used for uploading files to arbitrary directories via path traversal, or executing system commands for Remote Code Execution (RCE). This issue is fixed in version 1.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67728
EUVD
EUVD-2025-203055
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
fireshare fireshare 1.2.30
fireshare fireshare 1.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows remote attackers to execute arbitrary system commands, potentially leading to unauthorized access, data modification, and service disruption. Such impacts can result in breaches of confidentiality, integrity, and availability of sensitive data. Consequently, organizations using affected Fireshare versions may face non-compliance with standards and regulations like GDPR and HIPAA, which mandate protection of personal and sensitive data against unauthorized access and ensure system integrity and availability. [1]

Detection Guidance

To detect this vulnerability on your system, you can monitor and inspect requests to the upload endpoints that handle video file uploads, specifically: `/api/upload`, `/api/uploadChunked`, `/api/upload/public`, and `/api/uploadChunked/public` (the latter two only if Public Uploads are enabled). Look for suspicious filenames containing shell metacharacters or path traversal patterns (e.g., `../`). Additionally, you can check if your Fireshare version is 1.2.30 or below, which are vulnerable. For detection via commands, you might use network traffic inspection tools like `tcpdump` or `Wireshark` to capture HTTP POST requests to these endpoints and filter for suspicious filenames. Example commands include: 1. Using `tcpdump` to capture HTTP POST requests to the upload endpoints: ``` tcpdump -i any -A -s 0 'tcp port 80 or tcp port 443' | grep -E 'POST /api/upload|POST /api/uploadChunked|POST /api/upload/public|POST /api/uploadChunked/public' ``` 2. Using `curl` or similar tools to test for vulnerability by uploading a file with a malicious filename (only in a controlled environment): ``` curl -X POST -F "[email protected];filename=maliciousfilename;rm -rf /" http://your-fireshare-host/api/upload ``` 3. Checking the Fireshare version installed: ``` fireshare --version ``` If the version is 1.2.30 or below, the system is vulnerable. Note: Direct detection commands for the vulnerability are not provided in the resources, but monitoring upload endpoints and suspicious filenames is a practical approach. [1, 2]

Executive Summary

This vulnerability in Fireshare versions 1.2.30 and below allows an authenticated user, or an unauthenticated user if the Public Uploads setting is enabled, to upload a video file with a malicious filename. The filename is directly concatenated into a shell command, enabling path traversal to upload files to arbitrary directories or execute system commands, leading to Remote Code Execution (RCE).

Impact Analysis

The vulnerability can lead to Remote Code Execution on the affected system, allowing attackers to execute arbitrary commands, upload files to unauthorized directories, compromise system integrity, and potentially take full control of the server hosting Fireshare.

Mitigation Strategies

Upgrade Fireshare to version 1.3.0 or later, as this version fixes the vulnerability. Additionally, if the Public Uploads setting is enabled, consider disabling it to prevent unauthenticated users from exploiting the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67728. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart