CNNVD-202512-3131 Information
CNNVD ID
CNNVD-202512-3131
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
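ConvertX is a file format conversion tool from ConvertX. Versions of ConvertX before 0.16.0 contain a security vulnerability that stems from the upload function not sanitizing file names, which may lead to arbitrary file write and arbitrary code execution.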
Description (English)
ConvertX is a file format conversion tool from ConvertX. Versions of ConvertX prior to 0.16.0 contain a security vulnerability: the upload function does not sanitize file names, which may lead to arbitrary file write and arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
ConvertX
Published
2025-12-16
Last Modified
2026-02-24
References
https://github.com/C4illin/ConvertX/blob/4ae2aab66ace7cdcc14c5a16ecaaf2372b9ccbdf/src/pages/upload.tsx#L27-L30
https://github.com/C4illin/ConvertX/commit/550f472451755d095cf5802bc91f403e85b7129e
https://github.com/C4illin/ConvertX/security/advisories/GHSA-cpww-gwgc-p72r
https://access.redhat.com/security/cve/cve-2025-66449
Patch
https://github.com/C4illin/ConvertX/releases