cvelistv5 - CVE-2025-53890

CVE-2025-53890 (GCVE-0-2025-53890)

Vulnerability from cvelistv5 – Published: 2025-07-14 23:57 – Updated: 2025-07-15 19:48

Summary

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pyload/pyload/security/advisor…	x_refsource_CONFIRM
	https://github.com/pyload/pyload/pull/4586	x_refsource_MISC
	https://github.com/pyload/pyload/commit/909e5c978…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pyload	pyload	Affected: < 0.5.0b3.dev89

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53890",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T13:24:23.757076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T19:48:50.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyload",
          "vendor": "pyload",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.5.0b3.dev89"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad\u2019s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-14T23:57:20.830Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53"
        },
        {
          "name": "https://github.com/pyload/pyload/pull/4586",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyload/pyload/pull/4586"
        },
        {
          "name": "https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546"
        }
      ],
      "source": {
        "advisory": "GHSA-8w3f-4r8f-pf53",
        "discovery": "UNKNOWN"
      },
      "title": "pyLoad vulnerable to remote code execution through js2py onCaptchaResult"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53890",
    "datePublished": "2025-07-14T23:57:09.574Z",
    "dateReserved": "2025-07-11T19:05:23.824Z",
    "dateUpdated": "2025-07-15T19:48:50.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53890\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-15T00:15:24.150\",\"lastModified\":\"2025-07-15T20:15:51.080\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad\u2019s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.\"},{\"lang\":\"es\",\"value\":\"Pyload es un gestor de descargas de c\u00f3digo abierto escrito en Python puro. Una vulnerabilidad de evaluaci\u00f3n de JavaScript insegura en el c\u00f3digo de procesamiento de CAPTCHA de PyLoad permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario en el navegador del cliente y, potencialmente, en el servidor backend. Su explotaci\u00f3n no requiere interacci\u00f3n ni autenticaci\u00f3n del usuario y puede provocar el secuestro de sesi\u00f3n, el robo de credenciales y la ejecuci\u00f3n remota de c\u00f3digo en todo el sistema. El commit 909e5c97885237530d1264cfceb5555870eb9546, el parche para este problema, est\u00e1 incluido en la versi\u00f3n 0.5.0b3.dev89.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/pull/4586\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53890\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-15T13:24:23.757076Z\"}}}], \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-15T13:24:24.821Z\"}}], \"cna\": {\"title\": \"pyLoad vulnerable to remote code execution through js2py onCaptchaResult\", \"source\": {\"advisory\": \"GHSA-8w3f-4r8f-pf53\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pyload\", \"product\": \"pyload\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.5.0b3.dev89\"}]}], \"references\": [{\"url\": \"https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53\", \"name\": \"https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyload/pyload/pull/4586\", \"name\": \"https://github.com/pyload/pyload/pull/4586\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546\", \"name\": \"https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad\\u2019s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-14T23:57:20.830Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-53890\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-15T19:48:50.099Z\", \"dateReserved\": \"2025-07-11T19:05:23.824Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-14T23:57:09.574Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-8W3F-4R8F-PF53

Vulnerability from github – Published: 2025-07-15 15:38 – Updated: 2025-07-15 15:38

Summary

pyLoad vulnerable to XSS through insecure CAPTCHA

Details

Summary

An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system rce.

Details

The vulnerable code resides in

function onCaptchaResult(result) {
    eval(result); // Direct execution of attacker-controlled input
}

The onCaptchaResult() function directly passes CAPTCHA results (sent from the user) into eval()
No sanitization or validation is performed on this input
A malicious CAPTCHA result can include JavaScript such as fetch() or child_process.exec() in environments using NodeJS
Attackers can fully hijack sessions and pivot to remote code execution on the server if the environment allows it

Reproduction Methods

Official Source Installation:

git clone https://github.com/pyload/pyload
cd pyload
git checkout 0.4.20
python -m pip install -e .
pyload --userdir=/tmp/pyload

Virtual Environment:

python -m venv pyload-env
source pyload-env/bin/activate
pip install pyload==0.4.20
pyload

CAPTCHA Endpoint Verification

Technical Clarification:
1. The vulnerable endpoint is actually: /interactive/captcha

Complete PoC Request:

POST /interactive/captcha HTTP/1.1
Host: localhost:8000
Content-Type: application/x-www-form-urlencoded

cid=123&response=1%3Balert(document.cookie)

Curl Command Correction:

curl -X POST "http://localhost:8000/interactive/captcha" \
  -d "cid=123&response=1%3Balert(document.cookie)"

Vulnerable Code Location:
The eval() vulnerability is confirmed in: src/pyload/webui/app/static/js/captcha-interactive.user.js

Resources

https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546
OWASP: Avoid eval()
#4586

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyload-ng"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53890"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-15T15:38:10Z",
    "nvd_published_at": "2025-07-15T00:15:24Z",
    "severity": "CRITICAL"
  },
  "details": "#### Summary\nAn unsafe JavaScript evaluation vulnerability in pyLoad\u2019s CAPTCHA processing code allows **unauthenticated remote attackers** to execute **arbitrary code** in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system rce.\n\n\n\n#### Details\nThe vulnerable code resides in \n```javascript\nfunction onCaptchaResult(result) {\n    eval(result); // Direct execution of attacker-controlled input\n}\n```\n\n* The `onCaptchaResult()` function directly passes CAPTCHA results (sent from the user) into `eval()`\n* No sanitization or validation is performed on this input\n* A malicious CAPTCHA result can include JavaScript such as `fetch()` or `child_process.exec()` in environments using NodeJS\n* Attackers can fully hijack sessions and pivot to remote code execution on the server if the environment allows it\n\n\n\n### Reproduction Methods\n1. **Official Source Installation**:\n```bash\ngit clone https://github.com/pyload/pyload\ncd pyload\ngit checkout 0.4.20\npython -m pip install -e .\npyload --userdir=/tmp/pyload\n```\n\n2. **Virtual Environment**:\n```bash\npython -m venv pyload-env\nsource pyload-env/bin/activate\npip install pyload==0.4.20\npyload\n```\n\n## CAPTCHA Endpoint Verification\n\n\n**Technical Clarification**:  \n1. The vulnerable endpoint is actually:\n   ```\n   /interactive/captcha\n   ```\n\n2. Complete PoC Request:\n```http\nPOST /interactive/captcha HTTP/1.1\nHost: localhost:8000\nContent-Type: application/x-www-form-urlencoded\n\ncid=123\u0026response=1%3Balert(document.cookie)\n```\n\n3. Curl Command Correction:\n```bash\ncurl -X POST \"http://localhost:8000/interactive/captcha\" \\\n  -d \"cid=123\u0026response=1%3Balert(document.cookie)\"\n```\n\n\n1. **Vulnerable Code Location**:  \n   The eval() vulnerability is confirmed in:\n   ```\n   src/pyload/webui/app/static/js/captcha-interactive.user.js\n   ```\n\n\n\n### **Resources**\n\n1. https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546\n2. [OWASP: Avoid `eval()`](https://cheatsheetseries.owasp.org/cheatsheets/JavaScript_Security_Cheat_Sheet.html#eval)\n3. [#4586](https://github.com/pyload/pyload/pull/4586)",
  "id": "GHSA-8w3f-4r8f-pf53",
  "modified": "2025-07-15T15:38:10Z",
  "published": "2025-07-15T15:38:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53890"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/pull/4586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyload/pyload"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "pyLoad vulnerable to XSS through insecure CAPTCHA "
}

FKIE_CVE-2025-53890

Vulnerability from fkie_nvd - Published: 2025-07-15 00:15 - Updated: 2025-07-15 20:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546
	security-advisories@github.com	https://github.com/pyload/pyload/pull/4586
	security-advisories@github.com	https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad\u2019s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89."
    },
    {
      "lang": "es",
      "value": "Pyload es un gestor de descargas de c\u00f3digo abierto escrito en Python puro. Una vulnerabilidad de evaluaci\u00f3n de JavaScript insegura en el c\u00f3digo de procesamiento de CAPTCHA de PyLoad permite a atacantes remotos no autenticados ejecutar c\u00f3digo arbitrario en el navegador del cliente y, potencialmente, en el servidor backend. Su explotaci\u00f3n no requiere interacci\u00f3n ni autenticaci\u00f3n del usuario y puede provocar el secuestro de sesi\u00f3n, el robo de credenciales y la ejecuci\u00f3n remota de c\u00f3digo en todo el sistema. El commit 909e5c97885237530d1264cfceb5555870eb9546, el parche para este problema, est\u00e1 incluido en la versi\u00f3n 0.5.0b3.dev89."
    }
  ],
  "id": "CVE-2025-53890",
  "lastModified": "2025-07-15T20:15:51.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-15T00:15:24.150",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/pull/4586"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-53890 (GCVE-0-2025-53890)

GHSA-8W3F-4R8F-PF53

Summary

Details

Reproduction Methods

CAPTCHA Endpoint Verification

Resources

FKIE_CVE-2025-53890

Tags

Sightings

Nomenclature