PT-2025-37013 · Welotec · Smartems Web Application

Published: 2025-09-10 · Updated: 2025-09-15 · CVE-2025-41714

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41714
Description: The upload endpoint does not adequately validate the Upload-Key request header. An authenticated attacker can use path traversal sequences within the header to create files outside the intended storage location. In some configurations, this can lead to arbitrary file write and potentially remote code execution.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-41714

Affected Products: Smartems Web Application