CVE-2025-54802
published 2025-08-05CVE-2025-54802: pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.14%
62.6th percentile
pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyload-ng_project | pyload-ng | — | — |
| pyload-ng_project | pyload-ng | >= 0 < 0.5.0b3.dev90 | 0.5.0b3.dev90 |
| pyload | pyload | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
osv·2025-08-04
CVE-2025-54802 [CRITICAL] pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
### Summary
**Path Traversal in pyLoad-ng CNL Blueprint via `package` parameter allows Arbitrary File Write leading to Remote Code Execution (RCE)** The `addcrypted` endpoint in `pyload-ng` suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root.
### Details
* **Endpoint**: `POST /addcrypted`
* **Issue**: `src/pyload/webui/app/blueprints/cnl_blueprint.py`
#### Vulnerable Code
```python
dlc_path = os.path.join(
dl_path, pac
GHSA
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
ghsa·2025-08-04
CVE-2025-54802 [CRITICAL] CWE-22 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
### Summary
**Path Traversal in pyLoad-ng CNL Blueprint via `package` parameter allows Arbitrary File Write leading to Remote Code Execution (RCE)** The `addcrypted` endpoint in `pyload-ng` suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root.
### Details
* **Endpoint**: `POST /addcrypted`
* **Issue**: `src/pyload/webui/app/blueprints/cnl_blueprint.py`
#### Vulnerable Code
```python
dlc_path = os.path.join(
dl_path, pac
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-08-05
Published