CVE-2025-66384
Published: 28 November 2025
Summary
CVE-2025-66384 is a high-severity Incorrect Provision of Specified Functionality (CWE-684) vulnerability. Its CVSS base score is 8.2 (High).
Operationally, it ranks at the 23.1 percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199869
Vulnerability details
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Periodic checks confirm that specified security and privacy functions are actually provided and operating.