Skip to main content

Debian EUVDEUVD-2025-20395

| CVE-2025-7346 HIGH
Improper Preservation of Permissions (CWE-281)
2025-07-08 1c6b5737-9389-4011-8117-89fa251edfb2 GHSA-x698-5hjm-w2m5
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20395
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 07:15 nvd
HIGH 8.7

DescriptionCVE.org

Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages

AnalysisAI

CVE-2025-7346 is a security vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.7 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

Debian

Bug #1001980
pyload
Release Status Fixed Version Urgency
open - -

Share

EUVD-2025-20395 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy