CVE-2025-67728
Command Injection and Path Traversal in Fireshare Uploads
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fireshare | fireshare | 1.2.30 |
| fireshare | fireshare | 1.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Fireshare versions 1.2.30 and below allows an authenticated user, or an unauthenticated user if the Public Uploads setting is enabled, to upload a video file with a malicious filename. The filename is directly concatenated into a shell command, enabling path traversal to upload files to arbitrary directories or execute system commands, leading to Remote Code Execution (RCE).
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows remote attackers to execute arbitrary system commands, potentially leading to unauthorized access, data modification, and service disruption. Such impacts can result in breaches of confidentiality, integrity, and availability of sensitive data. Consequently, organizations using affected Fireshare versions may face non-compliance with standards and regulations like GDPR and HIPAA, which mandate protection of personal and sensitive data against unauthorized access and ensure system integrity and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, you can monitor and inspect requests to the upload endpoints that handle video file uploads, specifically: `/api/upload`, `/api/uploadChunked`, `/api/upload/public`, and `/api/uploadChunked/public` (the latter two only if Public Uploads are enabled). Look for suspicious filenames containing shell metacharacters or path traversal patterns (e.g., `../`). Additionally, you can check if your Fireshare version is 1.2.30 or below, which are vulnerable. For detection via commands, you might use network traffic inspection tools like `tcpdump` or `Wireshark` to capture HTTP POST requests to these endpoints and filter for suspicious filenames. Example commands include: 1. Using `tcpdump` to capture HTTP POST requests to the upload endpoints: ``` tcpdump -i any -A -s 0 'tcp port 80 or tcp port 443' | grep -E 'POST /api/upload|POST /api/uploadChunked|POST /api/upload/public|POST /api/uploadChunked/public' ``` 2. Using `curl` or similar tools to test for vulnerability by uploading a file with a malicious filename (only in a controlled environment): ``` curl -X POST -F "[email protected];filename=maliciousfilename;rm -rf /" http://your-fireshare-host/api/upload ``` 3. Checking the Fireshare version installed: ``` fireshare --version ``` If the version is 1.2.30 or below, the system is vulnerable. Note: Direct detection commands for the vulnerability are not provided in the resources, but monitoring upload endpoints and suspicious filenames is a practical approach. [1, 2]
How can this vulnerability impact me? :
The vulnerability can lead to Remote Code Execution on the affected system, allowing attackers to execute arbitrary commands, upload files to unauthorized directories, compromise system integrity, and potentially take full control of the server hosting Fireshare.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Fireshare to version 1.3.0 or later, as this version fixes the vulnerability. Additionally, if the Public Uploads setting is enabled, consider disabling it to prevent unauthenticated users from exploiting the issue.