CVE-2025-66384

EUVD-2025-199869
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
mitreCNA
8.2 HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Common Weakness Enumeration
References
https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24
https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5