CVE-2025-29866

Summary

: External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.

Affected Software

VendorProductVersion RangeStatus
TAGFREEX-Free Uploader1.0.1.0084 < 1.0.1.0085affected
TAGFREEX-Free Uploader2.0.1.0034 < 2.0.1.0035affected

Weaknesses

  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References