CVE-2025-67077

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67077

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67077.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67077

Published

2026-01-15T16:16:11.757Z

Modified

2026-03-13T03:42:06.853171Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

References

Affected packages

Git / github.com/xech/agora-project

Affected ranges

Type

GIT

Repo

https://github.com/xech/agora-project

Events

Introduced

Fixed

1a1171504cd42b7a84e4e4c7b118f724f9224be2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.10"
        }
    ]
}

Affected versions

22.*

22.12.0

22.3.1

23.*

23.10.1

23.10.2

23.10.3

23.2.3

23.4.1

23.4.2

23.5.0

23.7.1

23.7.3

24.*

24.11.1

24.12.1

24.2.1

24.2.3

24.4.3

24.4.4

24.4.5

24.6.0

24.6.2

24.6.3

24.6.4

24.8.1

24.8.2

24.8.3

25.*

25.1.0

25.3.2

25.3.3

25.6.0

25.6.1

25.6.2

25.6.3

25.6.4

25.8

3.*

3.6.3

3.6.4

3.6.5

3.7.0

3.7.2

3.7.2.1

3.7.3.1

3.7.4.1

3.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67077.json"