CVE-2025-54802
Published: 05 August 2025
Summary
CVE-2025-54802 is a critical-severity Path Traversal (CWE-22) vulnerability in Pyload-Ng Project Pyload-Ng. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 19.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prevents path traversal exploits by validating the package parameter in the addcrypted endpoint against expected formats, blocking arbitrary file paths.
- Remediates the unsafe path construction vulnerability by identifying and applying the patch shipped in pyLoad version 0.5.0b3.dev90.
- Limits the impact of arbitrary file writes by enforcing least privilege, preventing overwrites of root-owned critical files such as cron jobs and systemd services.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal enables unauthenticated remote exploitation of public-facing pyLoad (T1190); arbitrary writes directly facilitate overwriting cron jobs (T1053.003) and systemd services (T1543.002) for RCE and privilege escalation.
NVD Description
pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint via package parameter, allowing Arbitrary File Write which leads to Remote Code Execution (RCE). The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside the designated storage directory. This can be abused to overwrite critical system files, including cron jobs and systemd services, leading to privilege escalation and remote code execution as root. This issue is fixed in version 0.5.0b3.dev90.
Deeper analysis
CVE-2025-54802 is a path traversal vulnerability (CWE-22) affecting pyLoad, a free and open-source Download Manager written in pure Python. The issue exists in versions 0.5.0b3.dev89 and below, specifically in the pyLoad-ng CNL Blueprint via the package parameter in the addcrypted endpoint. This unsafe path construction enables arbitrary file writes outside the designated storage directory, potentially leading to remote code execution (RCE). The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating the package parameter, they can write arbitrary files to locations outside the storage directory, including overwriting critical system files such as cron jobs and systemd services. Successful exploitation allows privilege escalation and RCE as root.
The vulnerability is fixed in pyLoad version 0.5.0b3.dev90. Mitigation involves updating to this version or later. Official resources include the fixing commit at https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4, pull request https://github.com/pyload/pyload/pull/4596, and GitHub Security Advisory https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264.
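As an added illustration of the bug class described above (this is constructed example code, not pyLoad's own implementation, which this page does not reproduce), the Python below contrasts an unchecked join of a caller-supplied package name into the storage directory with a hardened version that resolves the path and refuses anything that lands outside that directory. The storage directory path and the package names used are constructed values.

```python
import os


def unsafe_package_path(storage_dir: str, package: str) -> str:
    # Unsafe path construction: the caller-supplied name is joined
    # directly into the storage directory. "../" segments walk out of
    # storage_dir, and an absolute name makes os.path.join discard
    # storage_dir entirely.
    return os.path.join(storage_dir, package)


def safe_package_path(storage_dir: str, package: str) -> str:
    # Hardened form: resolve both sides (realpath also follows symlinks)
    # and require the candidate to remain strictly inside storage_dir.
    # commonpath is used instead of startswith so that a sibling such as
    # "/srv/pyload/storage2" is not mistaken for a child of the root.
    root = os.path.realpath(storage_dir)
    candidate = os.path.realpath(os.path.join(root, package))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"package name escapes storage directory: {package!r}")
    return candidate


def is_confined(storage_dir: str, package: str) -> bool:
    # Convenience wrapper for validating a name before any file is written.
    try:
        safe_package_path(storage_dir, package)
        return True
    except ValueError:
        return False


def escapes_root(storage_dir: str, package: str) -> bool:
    # Reports whether the unchecked construction would leave storage_dir.
    root = os.path.realpath(storage_dir)
    target = os.path.realpath(unsafe_package_path(storage_dir, package))
    return os.path.commonpath([root, target]) != root


if __name__ == "__main__":
    root = "/srv/pyload/storage"  # constructed storage directory
    for name in ["package1", "sub/../inner", "../../../etc/cron.d/job",
                 "/etc/systemd/system/x.service", "", "."]:
        print(f"{name!r:36} unchecked escapes={escapes_root(root, name)!s:5} "
              f"hardened accepts={is_confined(root, name)}")
```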
Details
- CWE(s)