VYPR
Critical severityOSV Advisory· Published Feb 4, 2025· Updated Jun 17, 2026

CVE-2025-24971

CVE-2025-24971

Description

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, /upload/init endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the Apprise Notification enabled. This issue has been addressed in commit 4ff8469d and all users are advised to patch. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.