ZimaOS Privilege Escalation Vulnerability via Localhost File Upload
Vulnerability
A privilege escalation vulnerability exists in ZimaOS versions through 1.4.1. The '/v2_1/files/file/uploadV2' endpoint accepts file uploads from any user with access to localhost and performs them with root privileges. The underlying flaw is a token bypass that applies when the endpoint is accessed through a loopback interface.
Impact
Exploitation of this vulnerability allows any user with access to localhost to upload files as root, potentially leading to unauthorized privilege escalation.
Reproduction
To reproduce this vulnerability, upload a file to the '/v2_1/files/file/uploadV2' endpoint from a localhost interface. The uploaded file will be processed with root privileges. For example, a file can be uploaded to the '/etc/sudoers.d/' directory, which could then be used to gain root access.
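The flaw class described above, shown next to a corrected check, as an added example that is not ZimaOS code: `weakAuthorize` models an authorization check that trusts loopback callers, `strictAuthorize` requires the token from every caller, and `confine` keeps upload destinations under one directory. All function names, the token value and the `/srv/uploads` root are hypothetical.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net"
	"path/filepath"
	"strings"
)

// isLoopback reports whether a peer address (host:port) is in 127.0.0.0/8 or is ::1.
func isLoopback(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	ip := net.ParseIP(host)
	return err == nil && ip != nil && ip.IsLoopback()
}

// tokenOK compares tokens in constant time and never accepts an empty expected token.
func tokenOK(got, want string) bool {
	return want != "" && subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}

// weakAuthorize models the flawed pattern: loopback callers skip the token check,
// so every local user and local process is treated as authenticated.
func weakAuthorize(remoteAddr, token, want string) bool {
	return isLoopback(remoteAddr) || tokenOK(token, want)
}

// strictAuthorize ignores the source address: every caller must present the token.
func strictAuthorize(remoteAddr, token, want string) bool {
	return tokenOK(token, want)
}

// confine resolves a requested path under root and rejects escapes (lexical check
// only; symlinks inside root need separate handling).
func confine(root, requested string) (string, error) {
	dest := filepath.Join(root, requested) // Join also cleans ".." segments
	rel, err := filepath.Rel(root, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("destination outside upload root")
	}
	return dest, nil
}

func main() {
	_, err := confine("/srv/uploads", "../../etc/sudoers.d/x") // constructed input
	fmt.Println(weakAuthorize("127.0.0.1:4000", "", "t"), strictAuthorize("127.0.0.1:4000", "", "t"), err)
}
```

Confining the destination limits the damage if authorization fails, but a service that writes uploads as root should also drop privileges before touching the filesystem.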
