CVE-2025-63414

Published: Dec 16, 2025

Modified: Dec 16, 2025

PUBLISHED

Description

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/AllskyTeam/allsky

https://github.com/AllskyTeam/allsky/blob/master/html/execute.php

https://gh0stmezh.wordpress.com/2025/12/02/cve-2025-63414/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63414

Description

Affected Products

References