Vulnerabilities

CVE-2025-66449 - ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Cod...

2025-12-16 0 views admin

CVE ID : CVE-2025-66449 Published : Dec. 16, 2025, 1:15 a.m. | 23 minutes ago Description : ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes `file.name` directly from user supplied data without doing any sanitization on the name thus allowing for arbitrary file write. This can be used to overwrite system binaries with ones provided from an attacker allowing full code execution. Version 0.16.0 contains a patch for the issue. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-66449

Severity

HIGH

Published

Dec. 16, 2025

Impact: code execution

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-66449high

CVE-2025-66449 - ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Cod...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3134 - itsourcecode News Portal Project edit-category.php sql injection

CVE-2026-3133 - itsourcecode Document Management System Login loging.php sql injection

CVE-2025-46320 - FileMaker WebDirect Cross-Site Scripting (XSS)

CVE-2026-21410 - InSAT MasterSCADA BUK-TS SQL Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting