CVE-2026-25099
Status: Received (Intake)
Unrestricted File Upload in Bludit API Plugin Enables RCE

Publication date: 2026-03-27

Last updated on: 2026-04-01

Assigner: CERT.PL

Description
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction, which can then be executed, leading to Remote Code Execution. This issue was fixed in 3.18.4.
Meta Information
  • Published: 2026-03-27
  • Last Modified: 2026-04-01
  • Generated: 2026-05-07
  • AI Q&A: 2026-03-27
  • EPSS Evaluated: 2026-05-05
  • External references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
  • Vendor: bludit; Product: bludit; Version / Range: all versions before 3.18.4 (3.18.4 excluded)
CWE
  • CWE-434 (Unrestricted Upload of File with Dangerous Type): The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can have severe impacts because it allows an attacker to execute arbitrary code remotely on your server.

An attacker with a valid API token can upload malicious files that could compromise the integrity, confidentiality, and availability of your system.

Potential impacts include unauthorized access, data theft, data loss, service disruption, or using your server as a foothold for further attacks.


Can you explain this vulnerability to me?

The vulnerability in Bludit's API plugin allows an authenticated attacker who has a valid API token to upload files of any type and extension without any restrictions.

These uploaded files can then be executed on the server, which leads to Remote Code Execution (RCE).

This means the attacker can run arbitrary code on the affected system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update Bludit to version 3.18.4 or later, as this version contains the fix for the arbitrary file upload and remote code execution issue in the API plugin.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an authenticated attacker to upload and execute arbitrary files, leading to remote code execution. Such a security flaw can potentially lead to unauthorized access, data breaches, or manipulation of sensitive information.

While the provided context does not explicitly mention compliance with standards like GDPR or HIPAA, vulnerabilities that enable remote code execution and unauthorized file uploads generally pose significant risks to data confidentiality, integrity, and availability, which are core concerns of these regulations.

Therefore, if exploited, this vulnerability could lead to non-compliance with regulations requiring protection of personal or sensitive data, such as GDPR or HIPAA, due to potential data breaches or unauthorized system control.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects Bludit's API plugin and allows an authenticated attacker with a valid API token to upload files of any type without restriction, leading to remote code execution.

To detect this vulnerability on your system, you should check the version of Bludit you are running. Versions prior to 3.18.4 are vulnerable.

You can verify the Bludit version by accessing the application or checking the version file if available.

Additionally, monitoring API requests for file upload activity from authenticated users can help detect exploitation attempts.

Since the vulnerability requires a valid API token, commands to inspect logs for suspicious API token usage or unexpected file uploads may be useful.

Example commands (assuming a Linux environment and access to the web server logs; adjust paths to your installation):

  • Check the Bludit version: grep -i version /path/to/bludit/version, or read the version shown in the admin panel.
  • Search web server logs for write requests to the API plugin: grep -iE '"(POST|PUT) [^ ]*/api/' /var/log/apache2/access.log
  • Look for uploaded files with executable extensions (matching on file names, not file contents): find /var/www/bludit/uploads -type f -regextype posix-extended -iregex '.*\.(php|phtml|exe|sh|pl|py)$'
  • Count API requests per client IP to spot unusual usage (standard access logs do not record Authorization headers or API tokens, so request volume per source is the available signal): grep -i '/api/' /var/log/apache2/access.log | awk '{print $1}' | sort | uniq -c | sort -nr

Ultimately, upgrading to Bludit version 3.18.4 or later is the recommended mitigation.
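As an added example (not part of this record or of Bludit itself), a small bash audit script that ties the checks above together: a version comparison against the fixed release, a scan of the uploads directory for executable extensions, and a per-source count of API plugin requests from a combined-format access log. The install path, the location of BLUDIT_VERSION in bl-kernel/boot/variables.php, and the log format are assumptions; adjust them to your deployment.

```bash
#!/usr/bin/env bash
# Added audit helper for CVE-2026-25099 exposure; not from the CVE record or
# from Bludit itself. Assumes GNU find/sort/awk and a combined-format access
# log; the install path and version-file location below are assumptions.
set -euo pipefail

FIXED_VERSION="3.18.4"
# Extensions a typical PHP host may execute; extend to match your handlers.
EXEC_EXT_RE='.*\.(php[0-9]?|phtml|phar|exe|sh|pl|py)$'

# Exit 0 if $1 is an affected version (strictly below the fixed release).
is_vulnerable_version() {
  local v="$1"
  [ "$v" = "$FIXED_VERSION" ] && return 1
  [ "$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n1)" = "$v" ]
}

# List files under uploads dir $1 whose extension (any case) a web server
# could execute. A content store should contain none of these.
find_exec_uploads() {
  find "$1" -type f -regextype posix-extended -iregex "$EXEC_EXT_RE" | sort
}

# Count requests to the API plugin per client IP in access log $1. Access
# logs do not record API tokens, so request volume per source is the signal.
api_requests_per_ip() {
  awk '$7 ~ /\/api\// { hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' "$1" |
    sort -nr
}

main() {
  local root="${1:-/var/www/bludit}" log="${2:-/var/log/apache2/access.log}" ver
  # Bludit defines BLUDIT_VERSION in bl-kernel/boot/variables.php (assumed).
  ver=$(grep -oE "BLUDIT_VERSION', *'[^']+" "$root/bl-kernel/boot/variables.php" 2>/dev/null |
    sed "s/.*'//") || ver="unknown"
  if [ "$ver" != "unknown" ] && is_vulnerable_version "$ver"; then
    echo "VULNERABLE: Bludit $ver is below $FIXED_VERSION; upgrade."
  else
    echo "Bludit version: $ver"
  fi
  echo "-- executable files under uploads:"
  find_exec_uploads "$root/bl-content/uploads"
  echo "-- API requests per client IP:"
  [ -r "$log" ] || { echo "(log $log not readable)"; return 0; }
  api_requests_per_ip "$log"
}

# Runs the audit only when invoked with arguments; sourcing just loads functions.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `bash audit.sh /var/www/bludit /var/log/apache2/access.log`; any file listed under the uploads section warrants a manual look regardless of the version result.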

