CNNVD-202509-2689 Information

CNNVD ID

CNNVD-202509-2689

Related CVE

CVE-2025-58432

• CNNVD Published: 2025-09-17

Description (Chinese)

ZimaOS是IceWhaleTech的一个开源的操作系统项目，旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.4.1及之前版本存在安全漏洞，该漏洞源于/v2_1/files/file/uploadV2端点允许任何可访问本地主机的用户以root权限上传文件。

Description (English)

ZimaOS is an open-source operating system project of Ice WhaleTech, which aims to provide a lightweight, high-performance, safe operating system environment. ZimaOS 1.4.1 and previous versions contain a security loophole, which stems from the fact that the end point of /v2 1/files/file/uploadV2 allows any user with access to the local host to upload the file with root privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ICP DAS

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-3gp9-43rg-xrcc

Patch

https://github.com/IceWhaleTech/ZimaOS/releases