Dragonfly Remote Code Execution Vulnerability via Arbitrary File Read and Write

Vulnerability

A vulnerability in Dragonfly, an open-source P2P file distribution and image acceleration system, allows remote code execution through the gRPC and HTTP APIs that peers expose to each other. Prior to version 2.1.0, these APIs accepted peer requests that could force the receiving peer to create files at arbitrary locations or read existing files. A malicious peer could misuse this to read sensitive data from other peers and execute code on their machines.
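Dragonfly is written in Go, so the following added example (not Dragonfly's own code and not the 2.1.0 fix) shows the kind of check a peer-facing file API needs before it honors a peer-supplied path: confine the path to the configured storage root by string, and, for files that already exist, re-check after symlink resolution. The function names, the storage root and the "blobs/..." layout in the comments are assumptions.

```go
package main

import (
	"errors"
	"path/filepath"
	"strings"
)

// Illustrative example only; not Dragonfly code. Names and layout are assumed.
var ErrOutsideRoot = errors.New("path escapes storage root")

// containedIn reports whether target is root itself or lies beneath it.
// Both must be absolute; filepath.Rel cleans them before comparing.
func containedIn(root, target string) bool {
	rel, err := filepath.Rel(root, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SafeJoin resolves a peer-supplied relative path (e.g. "blobs/sha256/<digest>")
// against the trusted, absolute storage root, rejecting empty or absolute input
// and any "../" escape. It never touches the filesystem, so it also covers writes.
func SafeJoin(root, untrusted string) (string, error) {
	if untrusted == "" || filepath.IsAbs(untrusted) || !filepath.IsAbs(root) {
		return "", ErrOutsideRoot
	}
	joined := filepath.Join(root, untrusted) // Join cleans, collapsing ".."
	if !containedIn(root, joined) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

// ResolveExisting adds what SafeJoin cannot see: a symlink already present inside
// the root may point outside it, so an existing target is resolved and re-checked.
func ResolveExisting(root, untrusted string) (string, error) {
	joined, err := SafeJoin(root, untrusted)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	realTarget, err := filepath.EvalSymlinks(joined)
	if err != nil {
		return "", err
	}
	if !containedIn(realRoot, realTarget) {
		return "", ErrOutsideRoot
	}
	return realTarget, nil
}
```

Both checks are pure functions, so a peer's download or upload handler can call SafeJoin for new files and ResolveExisting for reads, and reject the request before any file is touched.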

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data and remote code execution on the affected peer's machine.

Remediation

Users are advised to upgrade to Dragonfly version 2.1.0 or later.

Added: Sep 17, 2025, 8:20 PM
Updated: Sep 17, 2025, 8:20 PM

Vulnerability Rating (Custom Algorithm)

spread:         2.4
impact:         10.0
exploitability: 6.0
remediation:    7.7
relevance:      0.5
threat:         6.4
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.