8.7
CVE-2025-7346
- EPSS 0.32%
- Veröffentlicht 08.07.2025 07:05:11
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 1c6b5737-9389-4011-8117-89fa25
- CVE-Watchlists
- Unerledigt
Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPyload
≫
Produkt
Pyload
Default Statusunknown
Version <=
0.5.0b3.dev77
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.23 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 1c6b5737-9389-4011-8117-89fa251edfb2 | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
https://github.com/pyload/pyload/security/advisories/GHSA-x698-5hjm-w2m5