CVE-2025-55013
4.2
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name.A malicious or compromised server (or any MITM that can speak to client) can return a path-traversal payload such as ../../../etc/cron.d/evil and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CybercentreCanada | assemblyline | < 4.6.1.dev138 | affected |
Weaknesses
- CWE-23: CWE-23: Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/CybercentreCanada/assemblyline/security/advisories/GHSA-75jv-vfxf-3865
- https://github.com/CybercentreCanada/assemblyline-service-client/commit/351414e7e96cc1f5640ae71ae51b939e8ba30900
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.