216.73.217.64

CVE-2025-58432

· Published 17/09/2025 18:15 · Modified 18/09/2025 13:43

Labels: CVE-2025-58432 2025-09-17CVE-2025-58432CWE-250[email protected]

Essential information

Published
17/09/2025 18:15
Modified
18/09/2025 13:43
Author
Creator
CVSS
5.2 MEDIUM (v3) 5.2 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zima / zimaos cpe:2.3:a:zima:zimaos:1.4.1:*:*:*:*:*:*:*
casaos / casaos cpe:2.3:a:casaos:casaos:*:*:*:*:*:*:*:*

References