VDB
CVE-2025-59352
CVE-2025-59352
PUBLISHED
CVSS 6.900000095367432 MEDIUM
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote code execution (RCE) capabilities on the peer’s machine.This vulnerability is fixed in 2.1.0.
EPSS 1.84% · 83.3th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
EPSS Score
1.84%
83.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dragonflyoss | dragonfly | < 2.1.0 |
| linuxfoundation | dragonfly | 0 |
| github.com | dragonflyoss/dragonfly | 0 |
| d7y.io | dragonfly/v2 | 0 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Sep 17, 2025 CVE Published
- Sep 18, 2025 EPSS Score
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 9, 2025 EPSS Score
- Oct 16, 2025 EPSS Score
- Oct 20, 2025 Coalition ESS Score
- Oct 23, 2025 EPSS Score
- Oct 30, 2025 EPSS Score
References
- https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-79hx-3fp8-hj66 url
- https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf url
- https://nvd.nist.gov/vuln/detail/CVE-2025-59352 advisory
- https://github.com/dragonflyoss/dragonfly package
- https://pkg.go.dev/vuln/GO-2025-3961 url