Vulnerability Details CVE-2025-58432
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.7%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2025-58432
-
cpe:2.3:o:zimaspace:zimaos:-
-
cpe:2.3:o:zimaspace:zimaos:0.4.8
-
cpe:2.3:o:zimaspace:zimaos:0.4.8.1
-
cpe:2.3:o:zimaspace:zimaos:0.4.9
-
cpe:2.3:o:zimaspace:zimaos:0.4.9.1
-
cpe:2.3:o:zimaspace:zimaos:0.4.9.2
-
cpe:2.3:o:zimaspace:zimaos:0.4.9.3
-
cpe:2.3:o:zimaspace:zimaos:0.4.9.4
-
cpe:2.3:o:zimaspace:zimaos:0.5.0
-
cpe:2.3:o:zimaspace:zimaos:1.0.0
-
cpe:2.3:o:zimaspace:zimaos:1.1.0
-
cpe:2.3:o:zimaspace:zimaos:1.2.2
-
cpe:2.3:o:zimaspace:zimaos:1.2.3
-
cpe:2.3:o:zimaspace:zimaos:1.2.4
-
cpe:2.3:o:zimaspace:zimaos:1.2.5
-
cpe:2.3:o:zimaspace:zimaos:1.3.0
-
cpe:2.3:o:zimaspace:zimaos:1.3.0-1
-
cpe:2.3:o:zimaspace:zimaos:1.3.0-2
-
cpe:2.3:o:zimaspace:zimaos:1.3.1
-
cpe:2.3:o:zimaspace:zimaos:1.3.1-1
-
cpe:2.3:o:zimaspace:zimaos:1.3.2
-
cpe:2.3:o:zimaspace:zimaos:1.3.2-1
-
cpe:2.3:o:zimaspace:zimaos:1.3.3
-
cpe:2.3:o:zimaspace:zimaos:1.4.0
-
cpe:2.3:o:zimaspace:zimaos:1.4.1