CRITICAL🇵🇱 Wersja polska

CVE-2025-54802

CVSS 9.8v3.1pub. 2025-08-05upd. 2025-10-09

pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.

🤖 AI Analysis
How it works

The addcrypted endpoint in the CNL Blueprint module of pyLoad-ng constructs the target file path in an unsafe manner, without proper sanitization of the package parameter. An attacker can submit a specially crafted request containing path traversal sequences (e.g., '../'), which allows writing a file to any location in the file system — outside the intended storage directory. The vulnerability is available without authentication (PR:N, UI:N). By overwriting critical system files, such as cron jobs or systemd services, an attacker can cause privilege escalation and execute arbitrary code as root.

Impact

An attacker without any privileges can write arbitrary files to the server's file system, overwrite critical system files, and thus gain full control of the host with root privileges (RCE, privilege escalation).

Mitigation & patch

pyLoad-ng should be immediately updated to version 0.5.0b3.dev90, in which the vulnerability has been fixed. The fix commit is available at: https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4. Until the update is applied, it is recommended to restrict network access to the pyLoad-ng instance exclusively to trusted IP addresses.

Who is affected

pyLoad-ng (Pyload-Ng Project) in versions 0.5.0b3.dev89 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pyload Ng Project Pyload Ng

    APP
    Pyload-Ng Project
    0.5.0b3.dev89
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath TraversalAuth BypassLPE
CWE
References

Related vulnerabilities

CVE-2026-35459CRITICAL9.3PL ✓ten sam produkt

SSRF w pyLoad-NG – obejście filtra przez przekierowania HTTP

CVE-2024-22416CRITICAL9.6PL ✓ten sam produkt

CSRF w pyLoad umożliwia wykonanie dowolnych wywołań API bez uwierzytelnienia

CVE-2026-42315HIGH8.1ten sam produkt

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a f...

CVE-2026-42313HIGH8.3ten sam produkt

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_v...

CVE-2026-35463HIGH8.8ten sam produkt

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_O...