Unrated severityOSV Advisory· Published Dec 16, 2025· Updated Dec 16, 2025

CVE-2025-63414

Description

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).

Affected products

AllskyTeam/AllskyOSV
Range: V0.2, V0.4, v0.5, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gh0stmezh.wordpress.com/2025/12/02/cve-2025-63414/mitre
github.com/AllskyTeam/allsky/blob/master/html/execute.phpmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000