CVE-2025-54802

Source
https://cve.org/CVERecord?id=CVE-2025-54802
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54802.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54802
Aliases
Published
2025-08-05T00:06:48.834Z
Modified
2026-07-15T01:49:04.984494652Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
pyLoad CNL Blueprint is vulnerable to Path Traversal through `dlc_path` leading to Remote Code Execution (RCE)
Details

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54802.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "0.5.0b3.dev89"
                },
                {
                    "fixed": "0.5.0b3.dev90"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/pyload/pyload

Affected ranges

Type
GIT
Repo
https://github.com/pyload/pyload
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v0.*
v0.1
v0.1.1
v0.2
v0.2.1
v0.2.2
v0.3
v0.3.1
v0.3.2
v0.4
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54802.json"