CVE-2025-55013

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55013
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name.A malicious or compromised server (or any MITM that can speak to client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/CybercentreCanada/assemblyline-service-client/commit/351414e7e96cc1f5640ae71ae51b939e8ba30900
https://github.com/CybercentreCanada/assemblyline/security/advisories/GHSA-75jv-vfxf-3865
Configurations

No configuration.

History

12 Aug 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 10.0 		v2 : unknown
v3 : 4.2

11 Aug 2025, 18:32

Type Values Removed Values Added
Summary
  • (es) Assemblyline 4 Service Client interactúa con la API para obtener tareas y publicar el resultado de un servicio en Assemblyline 4. En versiones anteriores a la 4.6.1.dev138, el cliente de servicio de Assemblyline 4 (task_handler.py) acepta un valor SHA-256 devuelto por el servidor de servicio y lo usa directamente como nombre de archivo local. Un servidor malicioso o comprometido (o cualquier MITM que pueda comunicarse con el cliente) puede devolver un payload de path traversal como `../../../etc/cron.d/evil` y obligar al cliente a escribir los bytes descargados en una ubicación arbitraria del disco. Esto se solucionó en la versión 4.6.1.dev138.

09 Aug 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-09 03:15

Updated : 2025-08-12 14:15

NVD link : CVE-2025-55013

Mitre link : CVE-2025-55013

CVE.ORG link : CVE-2025-55013

JSON object : View

Products Affected

No product.

CWE
CWE-23

Relative Path Traversal