PT-2025-36965 · Unknown · Ftp-Flask-Python

Spendroslav · Published 2025-09-09 · Updated 2025-09-10 · CVE-2025-57633

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FTP-Flask-python versions through 5173b68
Description: A command injection issue exists in FTP-Flask-python. The "Upload File" action of the /ftp.html endpoint builds a shell command string from the `ftp file` request parameter and executes it with os.system() without sanitization or escaping, so an unauthenticated remote attacker can execute arbitrary OS commands on the server.
Recommendations: Versions prior to 5173b68 are affected. At the time of publication, no newer version containing a fix for this vulnerability is known.
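As an added illustration (not the project's code; the command name `ftp-upload`, the upload directory and the function names are assumptions), the vulnerable shape described above beside a hardened handler that allow-lists the filename and never goes through a shell, plus a small check a defender can run over logged values of the parameter:

```python
import re
import subprocess
from pathlib import Path

# Hypothetical: the advisory does not name the program the "Upload File"
# action invokes, nor where uploads are stored.
UPLOAD_TOOL = "ftp-upload"
UPLOAD_DIR = Path("/srv/ftp/incoming")

# Vulnerable shape described in the advisory (reconstructed, not the
# project's code): the request parameter is interpolated into a single
# string that os.system() hands to /bin/sh, so shell metacharacters in
# the parameter are interpreted by the shell.
def vulnerable_command(ftp_file: str) -> str:
    return f"{UPLOAD_TOOL} {ftp_file}"  # what os.system() would receive

# Hardened replacement: strict allow-list on the name, confinement to
# UPLOAD_DIR, and argv passed as a list with shell=False.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")

def validate_filename(ftp_file: str) -> str:
    if not SAFE_NAME.fullmatch(ftp_file):
        raise ValueError("filename contains characters outside the allow-list")
    # Defence in depth: even a name that passes the regex must stay
    # directly inside the upload directory after resolution.
    target = (UPLOAD_DIR / ftp_file).resolve()
    if target.parent != UPLOAD_DIR.resolve():
        raise ValueError("filename escapes the upload directory")
    return ftp_file

def build_argv(ftp_file: str) -> list[str]:
    return [UPLOAD_TOOL, str(UPLOAD_DIR / validate_filename(ftp_file))]

def run_upload(ftp_file: str) -> int:
    # No shell is involved: the filename is one argv element, never parsed.
    return subprocess.run(build_argv(ftp_file), shell=False, check=False).returncode

# Triage helper: flag parameter values from request logs that contain
# characters a shell would interpret (constructed list, not exhaustive).
SHELL_META = set(";&|`$()<>\\\"'\n*?[]{}~ ")

def looks_like_injection(ftp_file: str) -> bool:
    return any(c in SHELL_META for c in ftp_file)
```

A Flask route would call `run_upload(request.form["ftp file"])` and return a 400 on `ValueError`; `looks_like_injection` is only a screening aid for log review and does not replace the allow-list.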

Weakness Enumeration: Command Injection

Related Identifiers: CVE-2025-57633

Affected Products: Ftp-Flask-Python