High severity 7.1 · NVD Advisory · Published Apr 30, 2026 · Updated May 5, 2026
CVE-2025-13030
Description
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| django-mdeditor (PyPI) | <= 0.1.20 | — |
Affected products
- (no CPE)
- cpe:2.3:a:pylixm:django-mdeditor:*:*:*:*:*:*:*:*
References
- github.com/pylixm/django-mdeditor/commit/3e80f9edcabc5d2fc136b05a501964b8a5e97cfe (nvd: Patch, WEB)
- github.com/advisories/GHSA-qp2c-xqv6-phh6 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-13030 (ghsa: ADVISORY)
- security.snyk.io/vuln/SNYK-PYTHON-DJANGOMDEDITOR-8630926 (nvd: Third Party Advisory, WEB)
- github.com/pylixm/django-mdeditor/blob/e8dd73fb8571ddff2e7a20a4bfa88c376cc33b62/mdeditor/views.py%23L25 (nvd: Broken Link, WEB)
- github.com/pylixm/django-mdeditor/issues/151 (nvd: Issue Tracking, WEB)
- github.com/pylixm/django-mdeditor/pull/185 (nvd: Issue Tracking, WEB)