CVE 10 CRITICAL

CVE-2025-63414_CVE-2025-63414

December 16, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).

AI Analysis

Path Traversal vulnerability allowing arbitrary command execution

Basic Information

ID CVE-2025-63414

Source mitre

Published Dec 16, 2025 at 00:00

Modified Dec 16, 2025 at 16:47

Affected Product

Vendor AllskyTeam

Product Allsky WebUI

Version v2024.12.06_06

Affected Versions n/a n/a n/a

CWE Classification

CWE-22 CWE-78

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor AllskyTeam

Product Allsky WebUI

Version v2024.12.06_06

References

{
    "lastseen": "",
    "description": "A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).",
    "published": "2025-12-16T00:00:00.000Z",
    "modified": "2025-12-16T16:47:23.031Z",
    "type": "cve",
    "title": "CVE-2025-63414",
    "source": "mitre",
    "references": "https://github.com/AllskyTeam/allsky\nhttps://github.com/AllskyTeam/allsky/blob/master/html/execute.php\nhttps://gh0stmezh.wordpress.com/2025/12/02/cve-2025-63414/",
    "id": "CVE-2025-63414",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Allsky WebUI",
    "version": "v2024.12.06_06",
    "vendor": "AllskyTeam",
    "ai_description": "Path Traversal vulnerability allowing arbitrary command execution",
    "ai_severity": "Critical",
    "ai_vendor": "AllskyTeam",
    "ai_product": "Allsky WebUI",
    "ai_version": "v2024.12.06_06",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply