CVE-2025-55383
Published: 21 August 2025
Summary
CVE-2025-55383 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly prevents unrestricted file uploads by validating uploaded file extensions, types, content, and target paths before allowing storage on the server.
CM-6 ensures the upload function in Moss is configured with secure settings to restrict allowed file extensions and target directories, addressing the flawed configuration.
AC-3 enforces logical access controls to limit the upload mechanism's write permissions to authorized server locations only, mitigating arbitrary path uploads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unrestricted file upload on public-facing app directly enables exploitation of the application (T1190) and ingress of arbitrary tools/malware including web shells (T1105, T1505.003).
NVD Description
Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.
Deeper analysisAI
CVE-2025-55383 is a file upload vulnerability affecting Moss versions prior to v0.15. The vulnerability stems from the "upload" function configuration, which permits attackers to upload files with any extension to arbitrary locations on the target server. This issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.
Remote attackers without authentication can exploit this vulnerability over the network by leveraging the upload functionality. Successful exploitation allows them to place malicious files anywhere on the server, potentially enabling confidentiality breaches through data exfiltration, limited integrity modifications, or minor availability disruptions as reflected in the CVSS metrics.
The GitHub issue at https://github.com/deep-project/moss/issues/16 serves as the primary reference for this vulnerability, with mitigation achieved by upgrading to Moss v0.15 or later, which addresses the flawed upload configuration.
Details
- CWE(s)