PT-2025-38241 · Casaos+1
0Xvpr · Published 2025-09-17 · Updated 2025-09-18
CVE-2025-58432
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ZimaOS versions prior to 1.4.1
Description
ZimaOS, a fork of CasaOS, is susceptible to a file upload issue. The /v2_1/files/file/uploadV2 API endpoint permits file uploads from any user with localhost access, and these uploads are performed with root privileges.
Recommendations
Update ZimaOS to version 1.4.1 or later.
Exploit
Fix
Improper Privilege Management
Affected Products
Casaos
Zimaos