Executive Summary

Information
Name : CVE-2025-53890
First vendor Publication : 2025-07-15
Vendor : Cve
Last vendor Modification : 2025-07-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

pyLoad is an open-source download manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53890

Sources (Detail)

https://github.com/pyload/pyload/commit/909e5c97885237530d1264cfceb5555870eb9546
https://github.com/pyload/pyload/pull/4586
https://github.com/pyload/pyload/security/advisories/GHSA-8w3f-4r8f-pf53

Alert History

Date Information
2025-07-16 02:34:38
  • Multiple Updates
2025-07-16 02:34:27
  • Multiple Updates
2025-07-16 00:20:34
  • Multiple Updates
2025-07-15 09:20:39
  • First insertion