CNNVD-202602-159 Information

CNNVD ID

CNNVD-202602-159

Related CVE

CVE-2025-66480

• CNNVD Published: 2026-02-02

Description (Chinese)

im-server是野火IM开源的一个即时通讯系统。 im-server 1.4.3之前版本存在代码问题漏洞，该漏洞源于im-server组件中文件上传功能对用户提供的文件名清理不当，可能导致远程代码执行。

Description (English)

Im-server is an instant communication system from the open source of Wildfire IM. The pre-im-server 1.4.3 version had a code problem loophole, which stemmed from the inappropriate clean-up of user-provided filenames in the file upload function of the im-server component, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

野火IM

Published

2026-02-02

Last Modified

2026-02-24

References

https://github.com/wildfirechat/im-server/commit/2f9c4e028c01c64913cab32e7248bcca183a5230 https://github.com/wildfirechat/im-server/releases/tag/1.4.3 https://github.com/wildfirechat/im-server/security/advisories/GHSA-74hq-jhx2-fq6c

Patch

https://github.com/wildfirechat/im-server/releases