CVE-2025-67079

Published: Jan 15, 2026Modified: Jan 21, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

Affected (1)

Products: Agora Project: Agora Project

Agora Project

1 product

Agora Project

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agora Project Agora Project	Before 25.10

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.agora-project.net

Source: cve@mitre.org

Product

https://www.helx.io/blog/advisory-agora-project/

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.