CVE-2025-51056

High CVSS 8.2

Overview

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).

CWE: CWE-434 Published: 2025-08-06T21:15:30.260

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.2 (HIGH)
Detected tags: rce, upload (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Restrict types/MIME, store outside web root, inspect content.

Overview

Recommended tools

Tags