Cyber Posture

CVE-2025-1025

Severity: High
Published: 05 February 2025
Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0596 (90.7th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload, where an attacker can use a different extension to bypass the upload filter.

Security Summary

CVE-2025-1025 affects versions of the cockpit-hq/cockpit package prior to 2.4.1 with an arbitrary file upload vulnerability: the upload filter decides on file extension alone, so an upload whose extension the filter does not anticipate passes through, as the CVE description states. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N): high severity, because integrity can be compromised without authentication or user interaction.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity. An upload request that evades the extension-based filter places an attacker-controlled file on the server, which is the high integrity impact reflected in the CVSS vector. Depending on server configuration and how the stored file is later served or handled, this can lead to persistence, further compromise, or execution of the uploaded content.

Mitigation is to update to cockpit-hq/cockpit version 2.4.1 or later, where the vulnerability is addressed by the GitHub commits 984ef9ad270357b843af63c81db95178eae42cae and becca806c7071ecc732521bb5ad0bb9c64299592. The Snyk advisory (SNYK-PHP-COCKPITHQCOCKPIT-8516320) and related gists confirm the fix and recommend applying the update promptly.
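The weakness described above is a general one: a filter that only rejects extensions on a denylist admits every extension the list fails to enumerate. The following added example is not Cockpit's code and does not reproduce the patched commits; it contrasts a denylist check with the allowlist-plus-content validation a defender would want, using constructed sample uploads and an assumed set of permitted types (`png`, `jpg`, `pdf`). Names such as `weak_filter_accepts` and `hardened_filter_accepts` are illustrative only.

```python
import os
import re
import uuid

# Weak pattern: a denylist of extensions. Anything not named here is accepted,
# which is exactly the "different extension" failure mode of CWE-434.
DENYLIST = {"php", "phtml"}


def weak_filter_accepts(filename: str) -> bool:
    """Denylist check on the final extension only (illustrative weak filter)."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext not in DENYLIST


# Hardened pattern: an allowlist of extensions the application actually needs,
# each tied to the magic bytes the uploaded content must begin with. The set of
# types is an assumption for this example, not Cockpit's configuration.
ALLOWLIST = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}

# Only a short, plain stem is accepted; everything else is rejected outright.
SAFE_STEM = re.compile(r"^[a-z0-9_-]{1,64}$")


def hardened_filter_accepts(filename: str, content: bytes) -> bool:
    """Allowlist check: one lower-cased extension, safe stem, matching magic bytes."""
    base = os.path.basename(filename)          # discard any directory component
    parts = base.lower().split(".")
    if len(parts) != 2:                        # no missing or double extensions
        return False
    stem, ext = parts
    if not SAFE_STEM.match(stem) or ext not in ALLOWLIST:
        return False
    return content.startswith(ALLOWLIST[ext])  # declared type must match content


def storage_name(ext: str) -> str:
    """Server-chosen name for the stored file; the client's name is never reused."""
    if ext not in ALLOWLIST:
        raise ValueError("extension not permitted")
    return f"{uuid.uuid4().hex}.{ext}"


# Constructed sample content: a PNG signature followed by filler bytes.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def evaluate_uploads() -> dict:
    """Run both filters over constructed uploads; returns {name: (weak, hardened)}."""
    samples = {
        "photo.png": PNG_SAMPLE,          # legitimate image
        "unknown.xyz": b"not an image",   # extension the denylist never listed
        "photo.png.xyz": PNG_SAMPLE,      # double extension
        "fake.png": b"not a png at all",  # right extension, wrong content
        "../../photo.png": PNG_SAMPLE,    # path component in the client name
    }
    return {
        name: (weak_filter_accepts(name), hardened_filter_accepts(name, data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (weak, hard) in evaluate_uploads().items():
        print(f"{name:20} weak={weak!s:5} hardened={hard}")
```

The denylist accepts `unknown.xyz` because nothing told it not to, while the allowlist rejects it because nothing told it to accept it; that inversion is the whole fix. Checking magic bytes and generating the stored name server-side close the remaining gaps (a permitted extension on non-matching content, and client-controlled names).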

Details

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

References