CVE-2025-67079
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: MITRE

Description
File upload vulnerability in Omnispace Agora Project before 25.10 allows attackers to execute code through the MSL engine of the Imagick library via a crafted PDF file submitted to the file upload and thumbnail functions.
Meta Information
Published: 2026-01-15
Last Modified: 2026-01-15
Generated: 2026-06-16
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| omnispace | agora_project | to 25.6.4 (inc) |
| imagick | imagick | From 7.0.0 (inc) |
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Executive Summary

This vulnerability (CVE-2025-67079) is a file upload vulnerability in the Omnispace Agora Project before version 25.10. Attackers can upload a specially crafted fake PDF file that exploits the Magick Scripting Language (MSL) engine of the Imagick library during thumbnail generation. Because Imagick interprets the PDF as MSL, this allows attackers to execute arbitrary PHP code on the server. The vulnerability arises from the way Imagick processes uploaded files, enabling remote code execution. [1]

Impact Analysis

This vulnerability can have severe impacts including remote code execution on the server hosting the Agora Project. An attacker can run arbitrary PHP code, potentially leading to full server compromise, data theft, unauthorized access, or disruption of services. Since the vulnerability allows execution without authentication, it poses a high risk to affected installations. [1]

Detection Guidance

Detection can involve monitoring for uploads of crafted PDF files that trigger the Imagick MSL engine. Since the vulnerability involves execution via file upload and thumbnail generation, inspecting upload directories for suspicious PDF files and checking Imagick's processing logs may help. Specific commands are not provided in the resources. [1]
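
One way to carry out the upload-directory inspection described above, as an added example rather than code from the advisory or the Agora Project: it flags files named `.pdf` whose content lacks the `%PDF-` header and marks those that look like MSL (XML with an `<image>` root element). The heuristic, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

PDF_MAGIC = b"%PDF-"
# MSL scripts are XML documents whose root element is <image>.
MSL_ROOT = re.compile(rb"<\s*image[\s>/]", re.IGNORECASE)

def classify_upload(path, probe=4096):
    """Return 'pdf', 'msl-like' or 'not-pdf' for a file named *.pdf."""
    with open(path, "rb") as fh:
        head = fh.read(probe)
    # A genuine PDF carries its %PDF- header within the first 1024 bytes.
    if PDF_MAGIC in head[:1024]:
        return "pdf"
    # XML-looking content with an <image> element is treated as MSL-like.
    if head.lstrip().startswith(b"<") and MSL_ROOT.search(head):
        return "msl-like"
    return "not-pdf"

def scan_uploads(root):
    """Walk root and report every *.pdf whose content is not a PDF."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".pdf"):
                full = os.path.join(dirpath, name)
                verdict = classify_upload(full)
                if verdict != "pdf":
                    findings.append((os.path.relpath(full, root), verdict))
    return sorted(findings)

def demo():
    """Run the scan over constructed sample files (not real uploads)."""
    samples = {
        "report.pdf": b"%PDF-1.7\n1 0 obj\n<<>>\nendobj\n",
        "invoice.pdf": b'<?xml version="1.0"?>\n<image>\n</image>\n',
        "notes.pdf": b"plain text saved with the wrong extension\n",
        "photo.png": b"\x89PNG\r\n\x1a\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, verdict in demo():
        print(f"{verdict:9} {rel}")
```

For a real check, call `scan_uploads` on the installation's own upload directory; that path depends on the deployment and is not given in the advisory.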

Mitigation Strategies

Mitigation requires disabling the Magick Scripting Language (MSL) in Imagick's policy.xml file by adding the line `<policy domain="coder" rights="none" pattern="MSL"/>` to prevent MSL file loading and execution. [1]
