CVE-2025-67079_CVE-2025-67079

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

AI Analysis

File upload vulnerability allowing code execution through the MSL engine of the Imagick library via crafted PDF files

Basic Information

ID CVE-2025-67079

Source mitre

Published Jan 15, 2026 at 00:00

Modified Jan 15, 2026 at 15:55

Affected Product

Vendor n/a

Product n/a

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-434

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Omnispace

Product Agora Project

Version before 25.10

References

{
    "lastseen": "",
    "description": "File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.",
    "published": "2026-01-15T00:00:00.000Z",
    "modified": "2026-01-15T15:55:11.489Z",
    "type": "cve",
    "title": "CVE-2025-67079",
    "source": "mitre",
    "references": "https://www.agora-project.net\nhttps://www.helx.io/blog/advisory-agora-project/",
    "id": "CVE-2025-67079",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n/a",
    "version": "n/a",
    "vendor": "n/a",
    "ai_description": "File upload vulnerability allowing code execution through the MSL engine of the Imagick library via crafted PDF files",
    "ai_severity": "Critical",
    "ai_vendor": "Omnispace",
    "ai_product": "Agora Project",
    "ai_version": "before 25.10",
    "ai_score": 9.8
}