CNNVD-202508-356 Information

CNNVD ID

CNNVD-202508-356

Related CVE

CVE-2025-50688

• CNNVD Published: 2025-08-05

Description (Chinese)

TwistedWeb是Twisted开源的一个Web服务器框架。 TwistedWeb 14.0.0版本存在安全漏洞，该漏洞源于文件上传功能输入清理不当，可能导致远程代码执行。

Description (English)

TwistedWeb is a Web server framework for Twisted ’ s open source. There is a security loophole in TwistedWeb 14.0.0, which results from the inappropriate uploading of document functionality and may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Twisted

Published

2025-08-05

Last Modified

2026-02-24

References

https://medium.com/@Justinsecure/chained-rce-on-twistedweb-14-0-0-via-command-injection-and-unauthenticated-put-1aa657995b4e https://twisted.org/documents/14.0.0/index.html https://access.redhat.com/security/cve/cve-2025-50688

Patch

https://pypi.org/project/Twisted/