CVE-2025-0473
Published: 16 January 2025
Description
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.
Security Summary
CVE-2025-0473 is a vulnerability in the PMB platform that enables an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. The issue resides in the file upload functionality at the '/pmb/authorities/import/iimport_authorities' endpoint. During the normal workflow, a file upload creates a temporary file on the server, which is subsequently deleted after the client sends a follow-up POST request to the same endpoint. This process is automated by the web client, but it can be disrupted by an attacker.
The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), indicating network accessibility with low attack complexity, requiring low privileges, no user interaction, and unchanged scope, primarily impacting confidentiality. An authenticated attacker with low privileges can exploit this by intercepting and delaying or omitting the second POST request, preventing the automatic deletion of the temporary file and allowing persistent storage of potentially sensitive uploaded content on the server.
The INCIBE advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform documents this as one of multiple vulnerabilities in the PMB platform.
Details
- CWE(s)