VYPR

Swupdate

by Sbabic

Source repositories

CVEs (2)

  • CVE-2025-41259HigJun 3, 2026
    risk 0.40cvss epss 0.00

    SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update.

  • CVE-2026-28525MedApr 23, 2026
    risk 0.37cvss 6.8epss 0.00

    SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP…