How severe is CVE-2025-24891?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2025-24891?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-24891

CRITICAL Year: 2025

CVSS v3 Score

9.6

Critical

Weakness Type

CWE-22

View all →

Vulnerability Description

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN.

CVE-2019-16064

CRITICAL

CVSS:9.6(Critical)

NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By explo...

CWE-222019

CVE-2020-15182

CRITICAL

CVSS:9.6(Critical)

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allow...

CWE-222020

CVE-2020-26299

CRITICAL

CVSS:9.6(Critical)

ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on...

CWE-222020

CVE-2023-27269

CRITICAL

CVSS:9.6(Critical)

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations t...

CWE-222023

CVE-2023-27501

CRITICAL

CVSS:9.6(Critical)

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information p...

CWE-222023

CVE-2023-42657

CRITICAL

CVSS:9.6(Critical)

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir,...

CWE-222023

CVE-2025-24891

Vulnerability Description

Related Vulnerabilities

CVE-2019-16064

CVE-2020-15182

CVE-2020-26299

CVE-2023-27269

CVE-2023-27501

CVE-2023-42657