CVE-2025-59352 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-59352 PUBLISHED CVSS 6.900000095367432 MEDIUM

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote code execution (RCE) capabilities on the peer’s machine.This vulnerability is fixed in 2.1.0.

EPSS 0.81% · 74.0th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P

EPSS Score

0.81%

74.0th percentile

Affected Products

Vendor	Product	Versions
dragonflyoss	dragonfly	< 2.1.0
linuxfoundation	dragonfly	0
github.com	dragonflyoss/dragonfly	0
d7y.io	dragonfly/v2	0

Timeline

Jan 21, 1970 Security Advisory
Sep 17, 2025 CVE Published
Sep 18, 2025 EPSS Score
Sep 18, 2025 CVE Updated
Sep 24, 2025 EPSS Score
Oct 1, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 6, 2025 Coalition ESS Score
Oct 7, 2025 EPSS Score
Oct 14, 2025 EPSS Score
Oct 20, 2025 EPSS Score
Oct 20, 2025 Coalition ESS Score

References

Open in Interactive Console →