CVE-2025-67079
Published: 15 January 2026
Description
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation by upgrading to Omnispace Agora Project 25.10 patches the file upload vulnerability exploiting Imagick's MSL engine.
Information input validation on file uploads rejects crafted PDFs that trigger arbitrary code execution via the MSL engine.
Restricting file upload inputs to safe types and whitelisting prevents unrestricted upload of dangerous PDFs exploiting the vulnerability.
Security SummaryAI
CVE-2025-67079 is a file upload vulnerability in the Omnispace Agora Project prior to version 25.10. The issue affects the file upload and thumbnail functions, which leverage the MSL engine of the Imagick library for processing. By submitting a crafted PDF file, attackers can trigger arbitrary code execution through this component.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it highly severe. Unauthenticated remote attackers can exploit it over the network with low complexity and no user interaction, achieving high-impact effects on confidentiality, integrity, and availability. It is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).
Advisories detailing mitigations are available at https://www.agora-project.net and https://www.helx.io/blog/advisory-agora-project/. Practitioners should upgrade to Omnispace Agora Project 25.10 or later to address the vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote attackers to achieve arbitrary code execution via crafted PDF file upload in a public-facing web application, directly mapping to exploitation of public-facing applications.