CVE-2025-55156
published 2025-08-11

Priority: P3 49; high, 7.8 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.30% (22.0th percentile)

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pyload-ng_project | pyload-ng | >= 0 < 0.5.0b3.dev91 | 0.5.0b3.dev91 |
| pyload | pyload | < 0.5.0b3.dev91 | 0.5.0b3.dev91 |