2025-08-06 00:00:00
mitre
PUBLISHED
An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure uploadPreviews() custom function in /api_vedo/colorways_preview, ultimately resulting in remote code execution (RCE).