CVE-2025-55743 HIGH

CVE-2025-55743: UnoPim vulnerable to remote code execution through Arbitrary File upload

Vendor Unopim
Product unopim
Weakness CWE-434 · Unrestricted file upload
Published August 21, 2025
Last update August 21, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload in the user creation feature performs only client-side file type validation. A user can upload an image, capture the request through a proxy such as Burp Suite, and change the file extension and content. The vulnerability is fixed in 0.2.1.

Key dates

02 Disclosure timeline

August 21, 2025 CVE published
August 21, 2025 Record updated