CVE-2025-54962

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Eyodav/OpenPLC-Insecure-File-Upload", "name": "https://github.com/Eyodav/OpenPLC-Insecure-File-Upload", "tags": [], "refsource": ""}, {"url": "https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992", "name": "https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-54962", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-08-04T02:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-04T02:15Z"}