CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Svenstaro: >> Miniserve Security Vulnerabilities

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).

CVSS Score

6.8

EPSS Score

0.0

Published

2026-01-23

Page 1

Vulnerabilities

Vulnerable Software

Svenstaro: >> Miniserve Security Vulnerabilities

Products

Pricing

Contact Us