VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-yk3e-d92p-cubu

Essentials
Severities (14)
References (7)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-yk3e-d92p-cubu
Aliases	CVE-2025-54802 GHSA-48rp-jc79-2264
Summary	Duplicate This advisory duplicates another.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.02893	https://api.first.org/data/v1/epss?cve=CVE-2025-54802
cvssv3.1	9.8	https://github.com/pyload/pyload
generic_textual	CRITICAL	https://github.com/pyload/pyload
cvssv3.1	9.8	https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
generic_textual	CRITICAL	https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
ssvc	Track*	https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
cvssv3.1	9.8	https://github.com/pyload/pyload/pull/4596
generic_textual	CRITICAL	https://github.com/pyload/pyload/pull/4596
ssvc	Track*	https://github.com/pyload/pyload/pull/4596
cvssv3.1	9.8	https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264
generic_textual	CRITICAL	https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264
ssvc	Track*	https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2025-54802
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2025-54802

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-54802
		https://github.com/pyload/pyload
		https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4
		https://github.com/pyload/pyload/pull/4596
CVE-2025-54802		https://nvd.nist.gov/vuln/detail/CVE-2025-54802
GHSA-48rp-jc79-2264		https://github.com/advisories/GHSA-48rp-jc79-2264
GHSA-48rp-jc79-2264		https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyload/pyload

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-05T14:29:40Z/ Found at https://github.com/pyload/pyload/commit/70a44fe02c03bce92337b5d370d2a45caa4de3d4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyload/pyload/pull/4596

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-05T14:29:40Z/ Found at https://github.com/pyload/pyload/pull/4596

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-08-05T14:29:40Z/ Found at https://github.com/pyload/pyload/security/advisories/GHSA-48rp-jc79-2264

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-54802

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.8661
EPSS Score	0.02893
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:24:31.879202+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyload-ng/GHSA-48rp-jc79-2264.yml	38.6.0