PT-2025-38382 · Unknown · Airsonic-Advanced

Mikecole-Mg

·

Publicado

2025-09-18

·

Atualizado

2025-09-19

·

CVE-2025-10669

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Airsonic-Advanced versions prior to 10.6.1
Description A vulnerability exists in Airsonic-Advanced up to version 10.6.0 within the Playlist Upload Handler component. Manipulation of the component allows for unrestricted file uploads, and the attack can be initiated remotely. The exploit is publicly available.
Recommendations Update Airsonic-Advanced to version 10.6.1 or later.

Exploit

Correção

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2025-10669

Produtos afetados

Airsonic-Advanced