CVE-2025-67077
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| omnispace | agora_project | up to 25.6.4 (inclusive) |
| omnispace | agora_project | up to 25.10 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67077 is a file upload vulnerability in the Omnispace Agora Project before version 25.10. It allows authenticated users, or under certain conditions guest users if guest uploads are enabled, to upload files with dangerous types that are not properly blacklisted. The uploadControl function uses a blacklist regex to block certain MIME types and extensions, but this blacklist is insufficient. Attackers can upload files like ".phar" which may be executed depending on the server configuration. Additionally, the upload mechanism allows specifying the upload directory, enabling attackers to place malicious files in the webroot, potentially leading to command execution and server compromise. [1]
How can this vulnerability impact me?
This vulnerability can lead to serious security impacts including the ability for attackers to upload and execute malicious files on the server. This can result in command execution, server compromise, and unauthorized control over the affected system. Because attackers can place malicious files in the webroot, they may execute arbitrary code, potentially leading to data breaches, service disruption, or further exploitation of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring file upload activities for suspicious file types that bypass the blacklist, such as files with extensions like .phar. Additionally, checking for uploads specifying the upload directory to the webroot may indicate exploitation attempts. Network or system administrators can look for unusual file uploads or web requests to the UploadTmpFile action. Specific commands are not provided in the resources. [1]
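As an added defender-side check that is not part of this record or of the Agora Project code: the script below walks an upload directory (or the webroot) and flags files that a MIME/extension blacklist of the kind described above would let through, by looking at every extension in the name (so `shell.phar.jpg` is caught) and at content markers that identify PHP code or a phar stub regardless of extension. The extension list beyond `.phar` and the sample directory it builds are my own assumptions.

```python
import os
import tempfile
from pathlib import Path

# Extensions to flag. .phar is the one the record says the blacklist misses; the
# other PHP-family extensions are an assumption, not the project's own list.
RISKY_EXTENSIONS = {".phar", ".php", ".php3", ".php5", ".php7", ".phtml", ".phps"}

# Content markers that identify PHP code whatever the file is called: the PHP
# open tag, and the __HALT_COMPILER() call that terminates every phar stub.
CONTENT_MARKERS = (b"<?php", b"__HALT_COMPILER")

def classify_file(path):
    """Return the reasons a file in an upload directory looks dangerous ([] if none)."""
    reasons = []
    # Check every suffix, not just the last one, so double extensions are caught.
    for suffix in path.suffixes:
        if suffix.lower() in RISKY_EXTENSIONS:
            reasons.append("risky extension " + suffix.lower())
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)  # a stub or open tag sits at the start of the file
    except OSError:
        return reasons
    for marker in CONTENT_MARKERS:
        if marker in head:
            reasons.append("contains " + marker.decode())
    return reasons

def audit_upload_dir(root):
    """Map each suspicious file under root (relative path) to its list of reasons."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = classify_file(p)
            if reasons:
                findings[str(p.relative_to(root))] = reasons
    return findings

def make_sample_dir():
    """Build a constructed upload directory with one benign and two dangerous files."""
    root = Path(tempfile.mkdtemp())
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg payload")
    (root / "shell.phar").write_bytes(b"<?php __HALT_COMPILER(); ?>")
    (root / "sub").mkdir()
    (root / "sub" / "notes.txt").write_bytes(b"<?php echo 1; ?>")  # wrong extension
    return root

if __name__ == "__main__":
    for rel, reasons in sorted(audit_upload_dir(make_sample_dir()).items()):
        print(rel + ": " + "; ".join(reasons))
```

Point `audit_upload_dir` at the real upload directory to use it outside the sample; a file that is flagged only on content is the case an extension blacklist can never see.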
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Agora Project to version 25.10 or later, where this vulnerability is fixed. Additionally, review and strengthen file upload restrictions to properly blacklist dangerous file types beyond the current inadequate regex. For related vulnerabilities involving Imagick, disable Magick Scripting Language (MSL) in Imagick's policy.xml by adding `<policy domain="coder" rights="none" pattern="MSL"/>` to prevent execution of malicious files. [1]