CVE-2025-55743

UnoPim vulnerable to remote code execution through Arbitrary File upload

CVSS 7.3 HIGHEPSS 0.4%CWE-434

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 ago 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The vulnerability is fixed in 0.2.1.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Productos afectados

unopim · unopim

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://drive.proton.me/urls/PH1ESMKHMW#4Vxb2KNu3tmn https://github.com/unopim/unopim/security/advisories/GHSA-v22v-xwh7-2vrm