WRITEUP

Exploit for CVE-2025-66449 - ConvertX <0.16.0 - Code Injection
AI Analysis

This patch addresses a path traversal vulnerability in the file upload functionality of ConvertX by sanitizing filenames before files are written to disk. The original code used user-provided filenames directly, allowing attackers to write files outside the intended directory.

Attack Type: other
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1006 - Direct Volume Access
Authors: Emrik Östling
Vulnerability: CVE-2025-66449 (ConvertX <0.16.0 - Code Injection)
Severity: HIGH, CVSS 8.8