PT-2025-20736 · Unknown · Thingsboard
Published
2025-05-12
·
Updated
2025-05-12
·
CVE-2024-55466
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ThingsBoard versions 3.8.1 and below
Description
An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard allows attackers to execute arbitrary code via uploading a crafted file.
Recommendations
For versions 3.8.1 and below, update to a version above 3.8.1 to resolve the issue.
As a temporary workaround, consider disabling the Image Gallery feature until a patch is available.
Restrict access to the Image Gallery to minimize the risk of exploitation.
Exploit
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thingsboard