Security Advisory
CVE-2025-51056
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure uploadPreviews() custom function in /api_vedo/colorways_preview, ultimately resulting in remote code execution (RCE).