CNNVD-202507-2943 Information

CNNVD ID

CNNVD-202507-2943

Related CVE

CVE-2025-54140

• CNNVD Published: 2025-07-22

Description (Chinese)

pyLoad是pyLoad开源的一个用 Python 编写的免费开源下载管理器。 pyLoad 0.5.0b3.dev89版本存在路径遍历漏洞，该漏洞源于/json/upload端点存在路径遍历，可能导致任意文件写入。

Description (English)

PyLoad is a free open source download manager by Python. The pyLoad 0.5.0b3.dev89 version has a path-to-penetrating loophole that originates from the /json/upload end-point, which may lead to any document being written.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

pyLoad

Published

2025-07-22

Last Modified

2026-02-24

References

https://github.com/pyload/pyload/commit/fc4b136e9c4e7dcbb8e467ae802cb2c3f70a71b0 https://github.com/pyload/pyload/blob/df094db67ec6e25294a9ac0ddb4375fd7fb9ba00/src/pyload/webui/app/blueprints/json_blueprint.py#L109 https://github.com/pyload/pyload/security/advisories/GHSA-xqpg-92fq-grfg https://nvd.nist.gov/vuln/detail/CVE-2025-54140 https://access.redhat.com/security/cve/cve-2025-54140

Patch

https://pyload.net/