Unrated severityNVD Advisory· Published Aug 6, 2025· Updated Aug 7, 2025
CVE-2025-51056
CVE-2025-51056
Description
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE).
Affected products
2- Vedo Suite/Vedo Suitedescription
- Range: = 2024.17
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- bottinelli.commitre
News mentions
0No linked articles in our index yet.