Cyber Resilience

CVE-2025-61506

CriticalPublic PoC

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0056 42.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-61506 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Mediacrush Mediacrush. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-61506, published on 2026-02-03, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting MediaCrush through version 1.0.1. The issue, tied to CWE-434 (Unrestricted Upload of File with Dangerous Type), enables remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.

Any remote attacker with network access can exploit this vulnerability without authentication, privileges, or user interaction due to its low attack complexity. Exploitation allows uploading files unrestricted by type or size, potentially granting high-impact access to confidentiality, integrity, and availability, such as executing malicious code if web servers process uploaded files.

Advisories reference a GitHub Gist at https://gist.github.com/pescada-dev/a046d36e8026bbaf1ee591c6dad0d7e6 for further details on the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

CVE enables exploitation of a public-facing web application (/upload endpoint) for unauthenticated arbitrary file upload (T1190), facilitating deployment and execution of web shells (T1100).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22654Shared CWE-434
CVE-2025-11948Shared CWE-434
CVE-2025-67260Shared CWE-434
CVE-2025-28915Shared CWE-434
CVE-2023-53956Shared CWE-434
CVE-2025-6058Shared CWE-434
CVE-2021-47819Shared CWE-434
CVE-2025-7852Shared CWE-434
CVE-2026-4883Shared CWE-434
CVE-2019-25630Shared CWE-434

Affected Assets

mediacrush
mediacrush
≤ 1.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CWE-434 unrestricted file uploads by validating file types, sizes, and content at the /upload endpoint before acceptance.

prevent

Prevents unauthenticated remote attackers from accessing the /upload endpoint by enforcing logical access controls requiring identification and authorization.

prevent

Provides protections for the publicly accessible /upload endpoint to limit unauthorized exploitation of unrestricted file upload capabilities.

References