CVE-2025-55194

Published: Aug 13, 2025

Modified: Aug 14, 2025

PUBLISHED

CVSS v3.1

5.7

MEDIUM

Description

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user’s profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3.

Vendor	Product	Versions
Part-DB	Part-DB-server	affected `< 1.17.3`

Weaknesses (CWE)

CWE-248

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/Part-DB/Part-DB-server/security/advisories/GHSA-7rv3-rcxv-69ww

x_refsource_CONFIRM

https://github.com/Part-DB/Part-DB-server/commit/d370f976a7b0c19d502aadbaa0f93eb90c2a6ffa

x_refsource_MISC

https://drive.google.com/file/d/10exp_BS9kRKHrFSPjiA_ZYUVJbHN8doW/view

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55194

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References