CVE-2025-9173
Lifecycle Timeline
2Tags
Description
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
Analysis
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Technical Context
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
Affected Products
See vendor advisory for affected versions.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Share
External POC / Exploit Code
Leaving vuln.today