High severity8.8NVD Advisory· Published Sep 16, 2025· Updated Jun 17, 2026
CVE-2025-56263
CVE-2025-56263
Description
by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- by-night/smsdescription
Patches
Vulnerability mechanics
References
2- github.com/by-night/sms/issues/50nvdExploitIssue TrackingThird Party Advisory
- github.com/echo0d/vulnerability/blob/main/by-night_sms/fileUpload.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.