CVE-2025-67079
Omnispace · Agora Project
A file upload vulnerability in the Agora Project allows remote code execution via a crafted PDF that is handed to ImageMagick's MSL (Magick Scripting Language) coder through the Imagick extension.
Executive summary
A critical file upload vulnerability in the Omnispace Agora Project lets a remote attacker execute arbitrary code on the server hosting the application.
Vulnerability
The application does not properly validate files submitted through its thumbnail and upload functions: the accepted type is decided from the file name or client-supplied type rather than from the file content. By submitting a crafted PDF, an attacker can cause ImageMagick, reached through the Imagick extension, to process the upload with its MSL coder, which interprets the file as a script rather than an image and runs attacker-controlled directives on the server. MSL scripts can read and write files, which is what turns a "thumbnail" request into code execution.
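The check that is missing above is content-based validation, which is also the "strict file type validation" called for under Remediation. The following is an added example, not code from the Agora Project (which is PHP; the same test maps onto PHP's finfo or a leading-bytes read). Function names, the accepted-format list and the sample files are assumptions; the samples are constructed stand-ins, not a payload. The extension-only check shows the failure mode: anything named like an accepted type is passed to ImageMagick, which then picks a coder from the bytes it finds.

```python
"""Content-based validation for an image upload/thumbnail endpoint.

Added example, not code from the Agora Project. The function names and the
accepted-type list are assumptions for illustration.
"""
import os
from typing import Optional

# Leading-byte signatures for the image formats the endpoint is assumed to
# need. Anything else, including a genuine PDF, is rejected for thumbnails.
IMAGE_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_ALIASES = {"jpeg": "jpg"}


def extension_of(filename: str) -> str:
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    return EXTENSION_ALIASES.get(ext, ext)


def vulnerable_is_allowed(filename: str, data: bytes) -> bool:
    """Extension-only check of the kind the advisory describes as inadequate:
    whatever bytes arrive under an accepted extension are handed to
    ImageMagick, which then chooses a coder from the content."""
    return extension_of(filename) in {"png", "jpg", "gif", "pdf"}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Identify the format from the first bytes, ignoring name and MIME."""
    for kind, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def hardened_is_allowed(filename: str, data: bytes) -> bool:
    """Accept only when the content is a known image and the extension agrees
    with it, so the stored name can never steer ImageMagick to another coder."""
    kind = sniff_image_type(data)
    return kind is not None and extension_of(filename) == kind


# Constructed samples (not real payloads): a PNG and a JPEG header, an XML
# document stored under a .pdf name, and a PDF header stored under a .gif name.
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "cover.pdf": b'<?xml version="1.0"?><script/>',
    "renamed.gif": b"%PDF-1.4\n",
}


def evaluate(samples=SAMPLES):
    """Map each sample name to (extension-only verdict, content-based verdict)."""
    return {
        name: (vulnerable_is_allowed(name, data), hardened_is_allowed(name, data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:12} extension-only={weak!s:5} content-based={strong}")
```

The extension-only check accepts all four samples; the content-based check accepts only the two real image headers. Requiring the extension to agree with the sniffed type matters as well: a correctly detected PNG stored under a .pdf name would still be routed by name in some pipelines.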
Business impact
Successful exploitation gives the attacker code execution on the web server, which can lead to full compromise of that host and to unauthorized access to the data the application stores. The CVSS score of 9.8 reflects this: the flaw is reachable through an ordinary upload and provides a direct foothold inside the network hosting the application.
Remediation
Immediate Action: Upgrade the Omnispace Agora Project to version 25.10 or later to ensure the file validation logic is correctly updated.
Proactive Monitoring: Monitor server-side process creation events and check for unexpected execution of shell commands or scripts originating from the web application directory.
Compensating Controls: Configure the web server so that nothing in upload directories is executed as a script, validate uploads by content rather than by name or client-supplied type, and reject non-image file formats. Because the sink is ImageMagick's MSL coder, also deny that coder (and, where nothing needs them, the PostScript/PDF coders that go through Ghostscript) in ImageMagick's policy.xml.
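The two checks below are added examples for the Proactive Monitoring and Compensating Controls items above; they are not code from the Agora Project or from ImageMagick. The first parses a policy.xml and reports which of a required set of coders is not denied outright; the second runs a simple rule over process-creation events and flags shells spawned by web worker processes or started with a working directory under the web root. The coder list, the worker and shell names, the log format and the sample data are all assumptions; the sample events are constructed and their key=value shape is a simplification, not the format of auditd or any specific sensor.

```python
"""Two compensating checks for the remediation items above (added example,
not Agora Project or ImageMagick code; names and log format are assumptions).

1. audit an ImageMagick policy.xml for coders that must be denied, and
2. flag shells spawned by web worker processes in a process-creation log.
"""
import re
import xml.etree.ElementTree as ET

# Coders worth denying on a host that only thumbnails images: MSL is the
# scripting coder named in the advisory; the PostScript/PDF family is routed
# through the Ghostscript delegate. Assumption: nothing on the host needs them.
REQUIRED_DENIALS = {"MSL", "PDF", "PS", "PS2", "PS3", "EPS", "XPS"}


def denied_coders(policy_xml: str) -> set:
    """Return coder names that a policy.xml denies outright (rights="none").
    Brace patterns such as {PS,PDF} are expanded; domain="module" entries
    are deliberately not counted, so the result is conservative."""
    denied = set()
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain") != "coder" or pol.get("rights") != "none":
            continue
        pattern = pol.get("pattern", "").strip()
        inner = re.fullmatch(r"\{(.*)\}", pattern)
        names = inner.group(1).split(",") if inner else [pattern]
        denied.update(n.strip().upper() for n in names if n.strip())
    return denied


def missing_denials(policy_xml: str, required=REQUIRED_DENIALS) -> list:
    """Coders from the required set that the policy does not deny."""
    return sorted(required - denied_coders(policy_xml))


# Constructed policy in the real file's shape: MSL is denied, PDF is only
# write-restricted, part of the Ghostscript family is not mentioned at all.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [<!ELEMENT policymap (policy)*>]>
<policymap>
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="write" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3}" />
</policymap>
"""

WEB_WORKERS = {"php-fpm", "php", "apache2", "httpd", "nginx"}
SHELLS = {"sh", "bash", "dash", "zsh"}
WEB_ROOT = "/var/www/"

# Constructed process-creation events in a simplified key=value shape; real
# sources (auditd SYSCALL/EXECVE records, Sysmon-style events) look different.
EVENT_RE = re.compile(
    r'(?P<ts>\S+) ppid_comm=(?P<pcomm>\S+) pid=(?P<pid>\d+) comm=(?P<comm>\S+) '
    r'cmdline="(?P<cmdline>[^"]*)" cwd=(?P<cwd>\S+)'
)

SAMPLE_EVENTS = """\
2025-12-02T10:14:01Z ppid_comm=cron pid=4390 comm=sh cmdline="sh -c /usr/sbin/logrotate" cwd=/
2025-12-02T10:14:03Z ppid_comm=php-fpm pid=4411 comm=convert cmdline="convert photo.png -thumbnail 200x200 t.png" cwd=/var/www/agora/upload
2025-12-02T10:14:05Z ppid_comm=php-fpm pid=4412 comm=sh cmdline="sh -c id" cwd=/var/www/agora/upload
2025-12-02T10:14:09Z ppid_comm=sshd pid=4420 comm=bash cmdline="-bash" cwd=/home/admin
"""


def suspicious_spawns(log_text: str) -> list:
    """Return pids of shells that a web worker spawned, or that any process
    started with a working directory under the web root. Both match the
    'unexpected shell from the web application directory' signal in the
    remediation list; ordinary image conversions are not flagged."""
    hits = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        is_shell = e["comm"] in SHELLS
        from_worker = is_shell and e["pcomm"] in WEB_WORKERS
        in_webroot = is_shell and e["cwd"].startswith(WEB_ROOT)
        if from_worker or in_webroot:
            hits.append(int(e["pid"]))
    return hits


if __name__ == "__main__":
    print("coders still allowed:", missing_denials(SAMPLE_POLICY))
    print("suspicious pids:", suspicious_spawns(SAMPLE_EVENTS))
```

On the sample policy the audit reports EPS, PDF and XPS as still allowed: PDF carries rights="write", which still permits reading, and EPS/XPS are not listed. The effective policy on a live host is best confirmed with `magick -list policy` (ImageMagick 7) or `convert -list policy` (ImageMagick 6) rather than by reading one file, since several policy files can apply. The detection rule flags pid 4412 only; the cron shell and the interactive SSH shell are outside the web root and not children of a web worker, and the convert child of php-fpm is the expected thumbnail path.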
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
This vulnerability is highly dangerous because it is triggered through ordinary file upload functions that the application exposes by design. Organizations running the Agora Project should upgrade to version 25.10 or later immediately to close this remote code execution vector, and should treat the ImageMagick policy and upload validation controls above as defense in depth rather than as a substitute for the upgrade.