PT-2026-3024 · Imagick+1 · Imagick+1
Published
2026-01-15
·
Updated
2026-01-21
·
CVE-2025-67079
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Omnispace Agora Project versions prior to 25.10
Description
A file upload issue exists in Omnispace Agora Project. Attackers can potentially execute code by uploading a specially crafted PDF file. This is possible through the MSL engine of the Imagick library, specifically within the file upload and thumbnail functions.
Recommendations
Update Omnispace Agora Project to version 25.10 or later.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Imagick
Omnispace Agora Project