PT-2025-9850 · Volt · Volt

Angelej

Publicado

2025-03-05

Atualizado

2025-05-11

CVE-2025-27517

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Volt versions prior to 1.7.0

Description The issue concerns a remote code execution vulnerability within Volt components. Malicious, user-crafted request payloads could potentially lead to remote code execution. Approximately 1.08 million downloads are at risk.

Recommendations To resolve the issue, upgrade to version 1.7.0 or later. As a temporary workaround, consider restricting access to vulnerable components until a patch is applied. Avoid using malicious or user-crafted request payloads in the affected API endpoints until the issue is resolved.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2025-27517

GHSA-V69F-5JXM-HWVV

Produtos afetados

Volt

PT-2025-9850 · Volt · Volt

CVE-2025-27517

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18