CVE-2025-27411: REDAXO allows Arbitrary File Upload in the mediapool page

March 5, 2025

An arbitrary file upload vulnerability was identified in the redaxo. This flaw permits users to upload malicious files, which can lead to JavaScript code execution and distribute malware.

References

github.com/advisories/GHSA-wppf-gqj5-fc4f
github.com/redaxo/redaxo
github.com/redaxo/redaxo/security/advisories/GHSA-wppf-gqj5-fc4f
nvd.nist.gov/vuln/detail/CVE-2025-27411

Detect and mitigate CVE-2025-27411 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →