PT-2025-50895 · Fireshare · Fireshare

Acfirthh · Published 2025-12-12 · Updated 2025-12-17 · CVE-2025-67728

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Fireshare versions 1.2.30 and below

Description: Fireshare is a self-hosted media and link sharing platform. Versions 1.2.30 and below allow an authenticated user, or an unauthenticated user if Public Uploads are enabled, to supply a malicious filename when uploading a video file. The filename variable is concatenated directly into a shell command, potentially enabling path traversal for file uploads to arbitrary directories or Remote Code Execution (RCE).

Recommendations: Update Fireshare to version 1.3.0 or later.
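
A defensive sketch of the pattern the description points at, added here as an example; it is not Fireshare's code or the change shipped in 1.3.0. The function names, the allow-list, the upload directory and the stand-in command are all assumptions.

```python
import os
import re
import subprocess
import sys
from pathlib import Path

UPLOAD_DIR = "/tmp/example-uploads"  # constructed path, not Fireshare's
# Assumed allow-list: letters, digits, dot, underscore, hyphen, space.
SAFE_NAME = re.compile(r"[A-Za-z0-9._ -]{1,255}")


def safe_destination(upload_dir: str, client_name: str) -> Path:
    """Map a client-supplied name to a path directly inside upload_dir."""
    # Keep only the final component, so "../../etc/x.mp4" becomes "x.mp4".
    name = os.path.basename(client_name.replace("\\", "/"))
    # A leading "-" could be read as an option by the tool; "." hides files.
    if not SAFE_NAME.fullmatch(name) or name.startswith((".", "-")):
        raise ValueError(f"rejected upload name: {client_name!r}")
    root = Path(upload_dir).resolve()
    dest = (root / name).resolve()
    if dest.parent != root:  # second check after normalisation
        raise ValueError("destination escapes the upload directory")
    return dest


def accepts(client_name: str) -> bool:
    try:
        safe_destination(UPLOAD_DIR, client_name)
        return True
    except ValueError:
        return False


def echo_via_argv(arg: str) -> str:
    """Pass arg as one argv element (no shell) and return what arrived."""
    # The Python interpreter stands in for the media tool being invoked.
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", arg]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


if __name__ == "__main__":
    for sample in ["clip.mp4", "../../etc/x.mp4", "a.mp4; echo INJECTED", "-o x.mp4"]:
        print(repr(sample), "accepted" if accepts(sample) else "rejected")
    # Metacharacters stay literal when no shell parses the command line.
    print(echo_via_argv("a.mp4; echo INJECTED"))
```

The two layers are independent: name validation keeps the file inside the upload directory, and the argument list keeps shell metacharacters inert even if a name slips past validation.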

Exploit · Fix · RCE · Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-67728
GHSA-C4F5-G622-Q72M

Affected Products

Fireshare