CVE-2025-67077
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: MITRE

Description
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67077
EUVD
EUVD-2026-2761
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
omnispace agora_project to 25.6.4 (inc)
omnispace agora_project to 25.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67077 is a file upload vulnerability in the Omnispace Agora Project before version 25.10. It allows authenticated users, or under certain conditions guest users if guest uploads are enabled, to upload files with dangerous types that are not properly blacklisted. The uploadControl function uses a blacklist regex to block certain MIME types and extensions, but this blacklist is insufficient. Attackers can upload files like ".phar" which may be executed depending on the server configuration. Additionally, the upload mechanism allows specifying the upload directory, enabling attackers to place malicious files in the webroot, potentially leading to command execution and server compromise. [1]

Impact Analysis

This vulnerability can lead to serious security impacts including the ability for attackers to upload and execute malicious files on the server. This can result in command execution, server compromise, and unauthorized control over the affected system. Because attackers can place malicious files in the webroot, they may execute arbitrary code, potentially leading to data breaches, service disruption, or further exploitation of the system. [1]

Detection Guidance

Detection can focus on monitoring file upload activities for suspicious file types that bypass the blacklist, such as files with extensions like .phar. Additionally, checking for uploads specifying the upload directory to the webroot may indicate exploitation attempts. Network or system administrators can look for unusual file uploads or web requests to the UploadTmpFile action. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the Agora Project to version 25.10 or later, where this vulnerability is fixed. Additionally, review and strengthen file upload restrictions to properly blacklist dangerous file types beyond the current inadequate regex. For related vulnerabilities involving Imagick, disable Magick Scripting Language (MSL) in Imagick's policy.xml by adding `<policy domain="coder" rights="none" pattern="MSL"/>` to prevent execution of malicious files. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67077. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart