216.73.217.50

CVE-2025-55194

· Published 13/08/2025 23:15 · Modified 13/08/2025 23:15

Labels: CVE-2025-55194 2025-08-13CVE-2025-55194CWE-248[email protected]

Essential information

Published
13/08/2025 23:15
Modified
13/08/2025 23:15
Author
Creator
CVSS
5.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CVSS metrics

Description

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user’s profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
part-db / part-db cpe:2.3:a:part-db:part-db:*:*:*:*:*:*:*:*

References