CVE-2025-51056

Published: Aug 6, 2025Modified: Oct 9, 2025

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Exploitability: 2.8 / Impact: 4.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).

Affected (1)

Products: Vedo Suite Project: Vedo Suite

Vedo Suite Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vedo Suite Project Vedo Suite	Version 2024.17

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

http://bottinelli.com

Source: cve@mitre.org

Broken Link

https://github.com/jacopoaugelli/vedo-suite-exploits

Source: cve@mitre.org

Exploit

https://github.com/jacopoaugelli/vedo-suite-exploits

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit

Timeline

No history available yet.