top of page
perceptive_background_267k.jpg

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload …

Published:

29 april 2026 om 22:00:00

Alert date:

30 april 2026 om 16:02:02

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

All versions of django-mdeditor package contain a critical vulnerability (CVE-2025-13030) in the image upload endpoint. The vulnerability allows attackers to upload malicious files and achieve arbitrary code execution due to missing authentication protection and improper file name sanitization. This affects all versions of the package and poses a high security risk for applications using django-mdeditor.

Technical details

Mitigation steps:

Affected products:

django-mdeditor

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-13030
https://github.com/pylixm/django-mdeditor/blob/e8dd73fb8571ddff2e7a20a4bfa88c376cc33b62/mdeditor/views.py%23L25
https://github.com/pylixm/django-mdeditor/commit/3e80f9edcabc5d2fc136b05a501964b8a5e97cfe
https://github.com/pylixm/django-mdeditor/issues/151
https://github.com/pylixm/django-mdeditor/pull/185
https://security.snyk.io/vuln/SNYK-PYTHON-DJANGOMDEDITOR-8630926

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page