CVE-2025-66384 – MISP File Upload Validation Bypass

CVE ID : CVE-2025-66384

Published : Nov. 28, 2025, 7:15 a.m. | 1 hour, 8 minutes ago

Description : app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…