Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-1025: Unrestricted File Upload in Cockpit

Severity: 7.7 HIGH (NVD)
EPSS: 4.5% (top 10.82%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline: Published Feb 5; Latest update Dec 16

Description

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload: an attacker can use a different file extension to bypass the upload filter.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: cockpit-hq/cockpit < 2.4.1
Packagist: cockpit-hq/cockpit < 2.4.1

🔴Vulnerability Details (5)

GHSA: tough failure to detect delegated target rollback (2025-03-28)
GHSA: tough timestamp metadata is cached when it fails snapshot rollback check (2025-03-28)
CVEList: CVE-2025-1025: Versions of the package cockpit-hq/cockpit before 2 (2025-02-05)
GHSA: Cockpit Arbitrary File Upload (2025-02-05)
OSV: Cockpit Arbitrary File Upload (2025-02-05)

💥Exploits & PoCs (1)

Nuclei: Cockpit < 2.4.1 - Arbitrary File Upload

🔍Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Cockpit Authenticated Arbitrary PHP File Upload (CVE-2025-1025) (2025-03-11)

📋Vendor Advisories (6)

Red Hat: kernel: mptcp: Fix proto fallback detection with BPF (2025-12-16)
Red Hat: kernel: io_uring: fix incorrect io_kiocb reference in io_link_skb (2025-10-09)
Red Hat: kernel: ACPI: pfr_update: Fix the driver update version check (2025-09-05)
Red Hat: kernel: jbd2: remove wrong sb->s_sequence check (2025-05-09)
Red Hat: haproxy: Buffer Overflow via Improper Back-Reference Replacement Length Check (2025-04-09)
CVE-2025-1025: Unrestricted File Upload in Cockpit | cvebase