Cyber Resilience

CVE-2025-67077

High

Published: 15 January 2026

Published
15 January 2026
Modified
21 January 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0036 27.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-67077 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Agora-Project Agora-Project. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-67077 is a file upload vulnerability in the Omnispace Agora Project versions prior to 25.10. The issue resides in the UploadTmpFile action, which permits unrestricted file uploads (CWE-434). It has been assigned a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

The vulnerability can be exploited by authenticated users with low privileges over the network with low attack complexity and no user interaction required. Under certain conditions, guest users may also be able to exploit it. Successful exploitation allows attackers to upload arbitrary files, potentially leading to remote code execution, data compromise, or system disruption given the high impact ratings across all vectors.

Advisories are available from the Agora Project website (https://www.agora-project.net) and Helx.io (https://www.helx.io/blog/advisory-agora-project/), which detail mitigation steps. Upgrading to Omnispace Agora Project version 25.10 or later resolves the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) in a network-accessible web app directly enables exploitation of public-facing applications and deployment of web shells for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67079Same product: Agora-Project Agora-Project
CVE-2025-67076Same product: Agora-Project Agora-Project
CVE-2025-22654Shared CWE-434
CVE-2025-11948Shared CWE-434
CVE-2025-67260Shared CWE-434
CVE-2025-28915Shared CWE-434
CVE-2023-53956Shared CWE-434
CVE-2025-6058Shared CWE-434
CVE-2021-47819Shared CWE-434
CVE-2025-7852Shared CWE-434

Affected Assets

agora-project
agora-project
≤ 25.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates unrestricted file uploads by requiring validation of all inputs, including uploaded files, to prevent acceptance of arbitrary or malicious content.

prevent

Restricts file upload inputs to only necessary types and quantities, blocking arbitrary file uploads by low-privilege or guest users.

prevent

Requires timely identification, reporting, and correction of flaws like this UploadTmpFile vulnerability through patching to version 25.10 or later.

References