Cyber Resilience

CVE-2025-55383

High

Published: 21 August 2025

Published
21 August 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0023 45.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55383 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-55383 is a file upload vulnerability affecting Moss versions prior to v0.15. The vulnerability stems from the "upload" function configuration, which permits attackers to upload files with any extension to arbitrary locations on the target server. This issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

Remote attackers without authentication can exploit this vulnerability over the network by leveraging the upload functionality. Successful exploitation allows them to place malicious files anywhere on the server, potentially enabling confidentiality breaches through data exfiltration, limited integrity modifications, or minor availability disruptions as reflected in the CVSS metrics.

The GitHub issue at https://github.com/deep-project/moss/issues/16 serves as the primary reference for this vulnerability, with mitigation achieved by upgrading to Moss v0.15 or later, which addresses the flawed upload configuration.

EU & UK References

Vulnerability details

Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload on public-facing app directly enables exploitation of the application (T1190) and ingress of arbitrary tools/malware including web shells (T1105, T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-6207Shared CWE-434
CVE-2024-50620Shared CWE-434
CVE-2025-12171Shared CWE-434
CVE-2025-26325Shared CWE-434
CVE-2025-6079Shared CWE-434
CVE-2024-13448Shared CWE-434
CVE-2025-51056Shared CWE-434
CVE-2025-66256Shared CWE-434
CVE-2026-32523Shared CWE-434
CVE-2025-6423Shared CWE-434

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents unrestricted file uploads by validating uploaded file extensions, types, content, and target paths before allowing storage on the server.

prevent

CM-6 ensures the upload function in Moss is configured with secure settings to restrict allowed file extensions and target directories, addressing the flawed configuration.

prevent

AC-3 enforces logical access controls to limit the upload mechanism's write permissions to authorized server locations only, mitigating arbitrary path uploads.

References