Platform: python
Component: pyload-ng
Fixed in: 0.5.1, 0.5.0b3.dev90
CVE-2025-54802 describes a critical Remote Code Execution (RCE) vulnerability discovered in pyLoad-ng, a Python-based download manager. This vulnerability allows unauthenticated attackers to write arbitrary files, potentially leading to privilege escalation and complete system compromise. The vulnerability affects versions of pyLoad-ng up to and including 0.5.0b3.dev89, and a fix is available in version 0.5.0b3.dev90.
The vulnerability lies within the addcrypted endpoint, specifically in how it handles the package parameter. Due to insufficient path validation, an attacker can craft a malicious request that allows them to write files outside the intended storage directory. This arbitrary file write capability is exceptionally dangerous. An attacker could overwrite critical system files, such as cron jobs or systemd service configurations, effectively gaining persistent root access to the system. The potential for lateral movement is significant, as a compromised pyLoad-ng instance could be used as a springboard to attack other systems on the network. The blast radius extends to the entire system, as successful exploitation grants the attacker complete control.
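The path-validation gap described above, shown as an added example that is not pyLoad-ng's own code or its actual patch: an unchecked join beside a containment check that resolves the path before any write. The function names, the temporary directories and the sample package values are assumptions made for illustration.

```python
import os
import tempfile


def naive_package_path(storage_dir, package):
    # Flawed pattern: the client-supplied value is joined unchecked, so
    # "../" segments or an absolute path decide where the write lands.
    return os.path.join(storage_dir, package)


def safe_package_path(storage_dir, package):
    """Return the write path for `package`, or raise ValueError if it
    would resolve outside storage_dir."""
    if not package or "\x00" in package:
        raise ValueError("empty or malformed package name")
    root = os.path.realpath(storage_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, package))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError("package resolves outside the storage directory")
    return candidate


def classify(storage_dir, packages):
    """Map each package value to 'accepted' or 'rejected'."""
    verdicts = {}
    for name in packages:
        try:
            safe_package_path(storage_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    storage = tempfile.mkdtemp(prefix="storage-")  # constructed stand-in
    outside = tempfile.mkdtemp(prefix="outside-")
    os.symlink(outside, os.path.join(storage, "link"))  # symlink escape case
    samples = ["holiday-photos", "../../../../etc/passwd", "/etc/passwd", "link/x"]
    print(os.path.normpath(naive_package_path(storage, samples[1])))
    print(classify(storage, samples))
```

Comparing the resolved path, rather than searching the string for `../`, also covers absolute paths and symlinks that already exist inside the storage directory.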
As of the publication date (2025-08-04), this vulnerability is not listed on the CISA KEV catalog. The EPSS score is likely to be high due to the RCE nature and the ease of exploitation. Public proof-of-concept (PoC) code is likely to emerge quickly given the straightforward nature of the path traversal vulnerability. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Systems running pyLoad-ng in production environments, particularly those with exposed web interfaces, are at significant risk. Shared hosting environments where multiple users share the same server instance are especially vulnerable, as a compromise of one pyLoad-ng instance could potentially affect other users on the same server. Legacy configurations with outdated pyLoad-ng versions are also at heightened risk.
• python: Monitor pyLoad-ng logs for requests to the /addcrypted endpoint with suspicious package parameters containing path traversal sequences (e.g., ../).
• linux / server: Use auditd to monitor file access attempts within the pyLoad-ng storage directory. Create an audit rule to specifically track writes to files outside the designated storage area.
    auditctl -w /path/to/pyload-ng/storage -p wa -k pyload-rce
• generic web: Use curl to test the /addcrypted endpoint with a path traversal payload:
    curl -X POST -d 'package=../../../../etc/passwd' http://your-pyload-ng-server/addcrypted
• generic web: Examine web server access logs for requests to /addcrypted with unusual or unexpected package values.
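The log review described in the list above, as an added example rather than tooling from the pyLoad-ng project: it scans request records for POSTs to /addcrypted whose package value decodes to a traversal sequence or an absolute path. The record layout (client, method, path, urlencoded body) and the sample lines are constructed; adapt the parsing to whatever your proxy or WAF actually records.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed records: "<client> <method> <path> <urlencoded body>"
SAMPLE_LOG = """\
192.0.2.10 POST /addcrypted package=holiday-photos
192.0.2.44 POST /addcrypted package=..%2F..%2F..%2F..%2Fetc%2Fpasswd
192.0.2.44 POST /addcrypted package=%252e%252e%252fconfig
192.0.2.51 POST /addcrypted package=%2Fetc%2Fpasswd
192.0.2.77 GET /favicon.ico -
"""

DOT_DOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def decode_fully(value, rounds=3):
    # Undo nested percent-encoding so "%252e%252e%252f" is seen as "../".
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_package(value):
    """Return the reasons a package value looks like a path escape."""
    v = decode_fully(value)
    reasons = []
    if DOT_DOT.search(v):
        reasons.append("dot-dot segment")
    if v.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", v):
        reasons.append("absolute path")
    if "\x00" in v:
        reasons.append("NUL byte")
    return reasons


def scan(log_text):
    """Return (client, package, reasons) for each flagged /addcrypted POST."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4 or parts[1] != "POST":
            continue
        if parts[2].split("?")[0].rstrip("/") != "/addcrypted":
            continue
        for value in parse_qs(parts[3], keep_blank_values=True).get("package", []):
            reasons = suspicious_package(value)
            if reasons:
                hits.append((parts[0], value, reasons))
    return hits
```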
EPSS: 1.10% (percentile 78%)
The primary mitigation is to immediately upgrade pyLoad-ng to version 0.5.0b3.dev90 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the addcrypted endpoint using a firewall or access control list (ACL) to limit potential attackers. Monitor system files and directories for unexpected modifications, particularly those related to cron jobs and systemd services. Implement a Web Application Firewall (WAF) with rules to detect and block requests containing malicious path traversal attempts. Review and harden the overall security posture of the system hosting pyLoad-ng, ensuring that other potential attack vectors are addressed. After upgrading, confirm the fix by attempting to access the addcrypted endpoint with a crafted path traversal payload; the request should be rejected.
Update pyLoad to version 0.5.0b3.dev90 or later. This fixes the path traversal vulnerability that allows remote code execution. You can update via the Python package manager or by downloading the latest version from the official repository.
CVE-2025-54802 is a critical Remote Code Execution vulnerability in pyLoad-ng versions up to 0.5.0b3.dev89, allowing attackers to write arbitrary files and potentially gain root access.
You are affected if you are running pyLoad-ng versions 0.5.0b3.dev89 or earlier. Check your version and upgrade immediately.
Upgrade to pyLoad-ng version 0.5.0b3.dev90 or later to patch the vulnerability. Implement temporary workarounds like restricting access to the /addcrypted endpoint if immediate upgrade is not possible.
While there are no confirmed reports of active exploitation as of the publication date, the ease of exploitation suggests that it is likely to be targeted soon.
Refer to the official pyLoad-ng project website and GitHub repository for the latest security advisories and updates.