Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter.
{
"cna_assigner": "snyk",
"cwe_ids": [
"CWE-434"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/1xxx/CVE-2025-1025.json"
}