← back
CVE-2025-55912

CVE-2025-55912

CVSS 7.3 HIGHEPSS 1.4%CWE-434
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52435unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/MacWarrior/clipbucket-v5/blob/5.5.0/upload/actions/photo_uploader.phphttps://github.com/MacWarrior/clipbucket-v5/releases?page=2https://github.com/MacWarrior/clipbucket-v5/tree/5.5.0https://medium.com/@mukund.s1337/cve-2025-55912-clipbucket-5-5-0-unauthenticated-arbitrary-file-upload-rce-720c0c0fbc58