Description

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN.

INFO

Published Date :

2025-01-31T23:02:19.734Z

Last Modified :

2025-02-12T20:51:22.873Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24891 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24891.

URL Resource
https://github.com/DumbWareio/DumbDrop/commit/cb586316648ccbfb21d27b84e90d72ccead9819d cve-icon cve-icon
https://github.com/DumbWareio/DumbDrop/security/advisories/GHSA-24f2-fv38-3274 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact