WRITEUP

WRITEUP
Exploit for CVE-2025-66384 - MISP <2.5.24 - Info Disclosure
AI Analysis

This patch fixes a security vulnerability in MISP's EventsController.php where the file upload validation logic was flawed, allowing invalid files to bypass checks. The fix ensures proper validation of the file upload error status and temporary file path.

Attack Type
auth_bypass
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1552.001 - Credentials In Files
Loading exploit code...
Download ZIP Password: eip
Source
Platform Writeup
Type patch
Files 1
Authors
iglocska
Vulnerability
CVE-2025-66384
MISP <2.5.24 - Info Disclosure
HIGH
CVSS 8.2