CVE-2025-25478 Information

Description

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code exposing sensitive information such as the database password.

Reference

https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25478