CVE-2025-67079

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

Vulnerability Details

Published Date

January 15, 2026

Last Modified

January 21, 2026

CWE ID

CWE-434

Source

NVD

Vendor

agora-project

Product

agora-project

External References

https://www.agora-project.net
https://www.helx.io/blog/advisory-agora-project/

CVE-2025-67079

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment