- Description
- Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.
- Source
- cve-coordination@incibe.es
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- cve-coordination@incibe.es
- CWE-459
- Hype score
- Not currently trending
CVE-2025-0473 Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in th… https://t.co/IyZqzQ7y7P
@CVEnew
18 Jan 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0473 | PMB Services PMB Platform 4.0.10 File Upload iimport_authorities cleanup) has been published on https://t.co/tniVfy0AQ4
@WolfgangSesin
16 Jan 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-0473 | PMB Services PMB Platform 4.0.10 File Upload iimport_authorities cleanup) has been published on https://t.co/0vYqLZY18H
@WolfgangSesin
16 Jan 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sigb:pmb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6401CB3-4434-4086-AA89-E1326CED5673",
"versionStartIncluding": "4.0.10"
}
],
"operator": "OR"
}
]
}
]