top of page
perceptive_background_267k.jpg

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted P…

Published:

14 January 2026 at 23:00:00

Alert date:

15 January 2026 at 18:11:37

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A file upload vulnerability in Omnispace Agora Project before version 25.10 allows attackers to execute arbitrary code through the MSL engine of the Imagick library. The vulnerability can be exploited by uploading a specially crafted PDF file to the file upload and thumbnail functions. This represents a critical security flaw that enables remote code execution through image processing functionality. The vulnerability affects all versions prior to 25.10 and has been assigned CVE-2025-67079.

Technical details

Mitigation steps:

Affected products:

Omnispace Agora Project

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-67079
https://www.agora-project.net
https://www.helx.io/blog/advisory-agora-project/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page