VYPR

Torrent Suite

by Thermofisher

CVEs (5)

  • CVE-2026-41085HigMay 18, 2026
    risk 0.57cvss 8.8epss 0.00

    Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces.

  • CVE-2025-54306Dec 4, 2025
    risk 0.00cvss epss 0.01

    An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through…

  • CVE-2025-54305Dec 4, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or…

  • CVE-2025-54303Dec 4, 2025
    risk 0.00cvss epss 0.00

    The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends…

  • CVE-2025-54307Dec 4, 2025
    risk 0.00cvss epss 0.01

    An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload…