CVE-2025-66384 | MISP up to 2.5.23 EventsController.php tmp_name incorrect provision of specified functionality

A vulnerability labeled as problematic has been found in MISP up to 2.5.23. This affects the function tmp_name of the file app/Controller/EventsController.php. Executing manipulation can lead to incorrect provision of specified functionality.

This vulnerability is tracked as CVE-2025-66384. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More