CVE-2025-24891

Name of the Vulnerable Software and Affected Versions Dumb Drop (affected versions not specified)

Description The issue concerns a path traversal vulnerability in the Dumb Drop file upload application. Users with permission to upload to the service can exploit this vulnerability to overwrite arbitrary system files. Since the container runs as root by default, there is no limit to what can be overwritten. This allows for the injection of malicious payloads into files that are run on schedule or upon certain service actions. If the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access, or otherwise, access for anybody with a PIN.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.