CVE-2025-51056 Information
Aug 07, 2025
cve
Description
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure ‘uploadPreviews()’ custom function in ‘/api_vedo/colorways_preview’ ultimately resulting in remote code execution (RCE).
Reference
http://bottinelli.com https://github.com/jacopoaugelli/vedo-suite-exploits
Related CNNVD
CNNVD-202508-629 (Published: 2025-08-06)
Share on: