Critical severityNVD Advisory· Published Feb 4, 2025· Updated Apr 15, 2026

CVE-2025-24971

Description

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the Apprise Notification enabled. This issue has been addressed in commit 4ff8469d and all users are advised to patch. There are no known workarounds for this vulnerability.

Patches

4ff8469d6901

https://github.com/dumbwareio/dumbdropvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/DumbWareio/DumbDrop/commit/4ff8469d69019d200046a67d326f51703bc4da63nvd
github.com/DumbWareio/DumbDrop/security/advisories/GHSA-rx8m-jqm7-vcgpnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.008
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000