Description

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftp_file parameter and executes it using os.system() without sanitization or escaping.

INFO

Published Date :

2025-09-09T00:00:00.000Z

Last Modified :

2025-09-10T14:06:40.486Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57633 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57633.

URL Resource
https://gist.github.com/Spendroslav/1c0c6a6556992291b19c3178e3cb5885 cve-icon cve-icon
https://github.com/ajaypp123/FTP-Flask-python/blob/5173b6828244ff9729fa29cc144d74ccbea30a73/ftp_app.py cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact