CVE-2025-53890

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53890
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53890.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53890
Aliases
Related
Published
2025-07-15T00:15:24Z
Modified
2025-07-16T10:44:30.303173Z
Summary
[none]
Details

pyLoad is an open-source download manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

References

Affected packages

Git / github.com/pyload/pyload

Affected ranges

Type
GIT
Repo
https://github.com/pyload/pyload
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1
v0.1.1
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.4
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9