QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-58432

Back to search

CVE-2025-58432

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT.

VendorProductVersions

IceWhaleTech

ZimaOS

affected
<= 1.4.1

Weaknesses (CWE)

CWE-250
CWE-269

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now