cvedb.io
CVE-2025-63414
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2025-12-16T17:16:10.473 · Last modified 2026-06-17T09:53:06.037

Summary

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).

Affected products

allskyteam — allsky

Does this affect you?

Add your gear to cvedb and we'll alert you only when allskyteam ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.