High severityGHSA Advisory· Published Jul 8, 2025· Updated Apr 15, 2026
CVE-2025-7346
CVE-2025-7346
Description
Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyload-ngPyPI | <= 0.5.0b3.dev88 | — |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x698-5hjm-w2m5ghsaADVISORY
- github.com/pyload/pyload/blob/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d/src/pyload/webui/app/blueprints/cnl_blueprint.pyghsaWEB
- github.com/pyload/pyload/blob/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d/src/pyload/webui/app/blueprints/cnl_blueprint.pyghsaWEB
- github.com/pyload/pyload/commit/f4e2d12416ba2dfac7b036d5c8d6dab5461b9840ghsaWEB
- github.com/pyload/pyload/security/advisories/GHSA-x698-5hjm-w2m5nvdWEB
News mentions
0No linked articles in our index yet.