MISP
cpe:2.3:a:misp:misp:*:*:*:*:*:*:*
- < 2.5.24
A vulnerability exists in MISP versions prior to 2.5.24 within the EventsController.php file. The issue stems from incorrect logic in verifying the validity of uploaded files, particularly concerning the temporary file name. This flaw could potentially be exploited to bypass file upload restrictions or to manipulate file upload processes.
Exploitation of this vulnerability could lead to local file inclusion, allowing an attacker to include files from the local file system into the application. This could be used to read sensitive files or, in some cases, execute code if the included file is a script.
To reproduce this vulnerability, upload a file through a feature that uses the 'importModule' function in the EventsController. The current validation logic can be bypassed, potentially leading to local file inclusion.
Users can update to MISP version 2.5.24 or later, where this vulnerability has been fixed.
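The advisory attributes the flaw to how the temporary file name of an upload is validated. As an added example (not MISP's code and not the actual patch), the PHP function below shows one defensive check for that class of problem; the name validatedUploadPath and the 5 MiB limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration (not MISP code): validate one upload entry shaped like
 * a $_FILES element before anything opens, parses or includes its tmp_name.
 * Function name and the size limit are assumptions made for this example.
 */
function validatedUploadPath(array $file, int $maxBytes = 5242880): string
{
    // Each field must exist and be scalar; arrays here mean a multi-file or
    // hand-built structure that this single-file handler should not accept.
    foreach (['name', 'tmp_name', 'error', 'size'] as $key) {
        if (!isset($file[$key]) || is_array($file[$key])) {
            throw new InvalidArgumentException("malformed upload field: $key");
        }
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload did not complete without error');
    }
    $tmp = (string) $file['tmp_name'];
    // Core check: true only for a file PHP itself received via HTTP POST in
    // this request, so a path that merely appears in the array is refused.
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        throw new RuntimeException('tmp_name is not a PHP-managed upload');
    }
    // Measure the file on disk rather than relying on the array's size field.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('upload is empty or exceeds the size limit');
    }
    return $tmp;
}

// Constructed input: well-formed fields, but tmp_name points at a file that
// was not produced by PHP's upload handling (this script itself).
$constructed = [
    'name' => 'import.json',
    'tmp_name' => __FILE__,
    'error' => UPLOAD_ERR_OK,
    'size' => 128,
];
try {
    validatedUploadPath($constructed);
    echo "accepted\n";
} catch (Exception $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

Requiring every condition to hold, with is_uploaded_file() among them, keeps a path that only looks like an upload away from later file operations.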