Platform: python
Component: pyload-ng
Fixed in: 0.5.1, 0.5.0b3.dev90
CVE-2025-54802 describes a critical Remote Code Execution (RCE) vulnerability discovered in pyLoad-ng, a Python-based download manager. This vulnerability allows unauthenticated attackers to write arbitrary files, potentially leading to privilege escalation and complete system compromise. The vulnerability affects versions of pyLoad-ng up to and including 0.5.0b3.dev89, and a fix is available in version 0.5.0b3.dev90.
The vulnerability lies within the addcrypted endpoint, specifically in how it handles the package parameter. Due to insufficient path validation, an attacker can craft a malicious request that allows them to write files outside the intended storage directory. This arbitrary file write capability is exceptionally dangerous. An attacker could overwrite critical system files, such as cron jobs or systemd service configurations, effectively gaining persistent root access to the system. The potential for lateral movement is significant, as a compromised pyLoad-ng instance could be used as a springboard to attack other systems on the network. The blast radius extends to the entire system, as successful exploitation grants the attacker complete control.
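The missing check described above, shown as an added example (not pyLoad-ng's own code): a join that trusts the request value beside a containment check that resolves the path before comparing it. The function names, sample values and temporary storage directory are hypothetical.

```python
import os
import tempfile

def naive_target(storage_dir, package):
    # Vulnerable pattern: the request value is joined with no validation,
    # so "../" segments or an absolute path leave storage_dir.
    return os.path.normpath(os.path.join(storage_dir, package))

def safe_target(storage_dir, package):
    """Return the path for `package`, or raise if it leaves storage_dir."""
    base = os.path.realpath(storage_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, package))
    # commonpath compares whole components, so a sibling such as
    # "<base>-evil" is not mistaken for a child of "<base>".
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"package escapes storage directory: {package!r}")
    return candidate

def classify(storage_dir, packages):
    """Map each package value to 'allowed' or 'rejected'."""
    result = {}
    for name in packages:
        try:
            safe_target(storage_dir, name)
            result[name] = "allowed"
        except ValueError:
            result[name] = "rejected"
    return result

# Constructed sample values, not taken from real traffic.
SAMPLES = ["holiday-videos", "../../../../etc/passwd", "/etc/passwd",
           "sub/../../outside", "../storage-evil/x"]

if __name__ == "__main__":
    root = tempfile.mkdtemp()
    storage = os.path.join(root, "storage")
    os.mkdir(storage)
    for name, verdict in classify(storage, SAMPLES).items():
        print(f"{verdict:9} {name!r} -> naive: {naive_target(storage, name)}")
```

A plain string-prefix comparison would accept the last sample, which is why the check compares path components after resolution.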
As of the publication date (2025-08-04), this vulnerability is not listed on the CISA KEV catalog. The EPSS score is likely to be high due to the RCE nature and the ease of exploitation. Public proof-of-concept (PoC) code is likely to emerge quickly given the straightforward nature of the path traversal vulnerability. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Systems running pyLoad-ng in production environments, particularly those with exposed web interfaces, are at significant risk. Shared hosting environments where multiple users share the same server instance are especially vulnerable, as a compromise of one pyLoad-ng instance could potentially affect other users on the same server. Legacy configurations with outdated pyLoad-ng versions are also at heightened risk.
• python: Monitor pyLoad-ng logs for requests to the /addcrypted endpoint with suspicious package parameters containing path traversal sequences (e.g., ../).
• linux / server: Use auditd to monitor file access attempts within the pyLoad-ng storage directory. Create an audit rule to specifically track writes to files outside the designated storage area.
    auditctl -w /path/to/pyload-ng/storage -p wa -k pyload-rce
• generic web: Use curl to test the /addcrypted endpoint with a path traversal payload:
    curl -X POST -d 'package=../../../../etc/passwd' http://your-pyload-ng-server/addcrypted
• generic web: Examine web server access logs for requests to /addcrypted with unusual or unexpected package values.
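One way to implement the log check from the list above, as an added example that is not part of pyLoad-ng or any vendor tooling. It assumes a reverse proxy or WAF that records the POST body alongside the request path (standard access logs do not); the record layout and field names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote

# A ".." path segment delimited by either slash style or string boundaries.
DOT_DOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def decode_fully(value, max_rounds=3):
    # Undo layered percent-encoding such as %252e%252e -> %2e%2e -> ".."
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def package_findings(value):
    """Return the reasons a package value looks like a path, not a name."""
    v = decode_fully(value)
    reasons = []
    if DOT_DOT.search(v):
        reasons.append("dot-dot segment")
    if v.startswith(("/", "\\")) or re.match(r"[A-Za-z]:", v):
        reasons.append("absolute path")
    return reasons

def scan(records):
    """Return (source, decoded package, reasons) for flagged requests."""
    hits = []
    for rec in records:
        if not rec["path"].rstrip("/").endswith("/addcrypted"):
            continue
        for value in parse_qs(rec["body"]).get("package", []):
            reasons = package_findings(value)
            if reasons:
                hits.append((rec["src"], decode_fully(value), reasons))
    return hits

# Constructed records (documentation IP ranges); not real traffic.
RECORDS = [
    {"src": "198.51.100.4", "path": "/addcrypted", "body": "package=Holiday+Videos"},
    {"src": "203.0.113.7", "path": "/addcrypted", "body": "package=../../../../etc/passwd"},
    {"src": "203.0.113.9", "path": "/addcrypted", "body": "package=%252e%252e%252fconfig"},
    {"src": "192.0.2.10", "path": "/addcrypted", "body": "package=%2Fetc%2Fpasswd"},
    {"src": "192.0.2.33", "path": "/login", "body": "package=../x"},
]

if __name__ == "__main__":
    for hit in scan(RECORDS):
        print(hit)
```

Decoding repeatedly before matching matters because a filter that only looks for a literal `../` misses the double-encoded third record.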
EPSS: 1.10% (78th percentile)
The primary mitigation is to immediately upgrade pyLoad-ng to version 0.5.0b3.dev90 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the addcrypted endpoint using a firewall or access control list (ACL) to limit potential attackers. Monitor system files and directories for unexpected modifications, particularly those related to cron jobs and systemd services. Implement a Web Application Firewall (WAF) with rules to detect and block requests containing malicious path traversal attempts. Review and harden the overall security posture of the system hosting pyLoad-ng, ensuring that other potential attack vectors are addressed. After upgrading, confirm the fix by attempting to access the addcrypted endpoint with a crafted path traversal payload; the request should be rejected.
Update pyLoad to version 0.5.0b3.dev90 or later. This fixes the path traversal vulnerability that enables remote code execution. You can update via the Python package manager or download the latest version from the official repository.
CVE-2025-54802 is a critical Remote Code Execution vulnerability in pyLoad-ng versions up to 0.5.0b3.dev89, allowing attackers to write arbitrary files and potentially gain root access.
You are affected if you are running pyLoad-ng versions 0.5.0b3.dev89 or earlier. Check your version and upgrade immediately.
Upgrade to pyLoad-ng version 0.5.0b3.dev90 or later to patch the vulnerability. Implement temporary workarounds like restricting access to the /addcrypted endpoint if immediate upgrade is not possible.
While there are no confirmed reports of active exploitation as of the publication date, the ease of exploitation suggests that it is likely to be targeted soon.
Refer to the official pyLoad-ng project website and GitHub repository for the latest security advisories and updates.