CVE Daily

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In version...

Medium CVSS 5.1

Overview

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.

CWE: CWE-80 Published: 2025-08-02T00:15:26.160
Risk analysis

This vulnerability is rated 🟑 MEDIUM.

  • CVSS: 5.1 (MEDIUM)
  • Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

  • Patch/upgrade immediately (remote code execution).
  • Reduce exposure (WAF/segmentation), minimize attack surface.

Recommended tools

Tags