CVE-2026-25057

EUVD-2026-6838
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
markusprojectmarkus
𝑥
< 2.9.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7
https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h