VYPR
Medium severity6.5NVD Advisory· Published Jan 16, 2025· Updated Jun 17, 2026

CVE-2025-0473

CVE-2025-0473

Description

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PMB/PMBllm-fuzzy
    Range: >=4.0.10
  • PMB Services/PMB platformv5
    Range: 4.0.10

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.