CVE-2025-58432 | IceWhaleTech ZimaOS up to 1.4.1 uploadV2 unnecessary privileges (GHSA-3gp9-43rg-xrcc)

A vulnerability was found in IceWhaleTech ZimaOS up to 1.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v2_1/files/file/uploadV2. Performing manipulation results in execution with unnecessary privileges.

This vulnerability is known as CVE-2025-58432. Attacking locally is a requirement. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More