{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T02:51:45.672","vulnerabilities":[{"cve":{"id":"CVE-2025-55013","sourceIdentifier":"security-advisories@github.com","published":"2025-08-09T03:15:47.620","lastModified":"2026-06-17T09:41:06.903","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client (task_handler.py) accepts a SHA-256 value returned by the service server and uses it directly as a local file name. A malicious or compromised server (or any MITM that can speak to the client) can return a path-traversal payload such as `../../../etc/cron.d/evil` and force the client to write the downloaded bytes to an arbitrary location on disk. This is fixed in version 4.6.1.dev138."},{"lang":"es","value":"Assemblyline 4 Service Client interactúa con la API para obtener tareas y publicar el resultado de un servicio en Assemblyline 4. En versiones anteriores a la 4.6.1.dev138, el cliente de servicio de Assemblyline 4 (task_handler.py) acepta un valor SHA-256 devuelto por el servidor de servicio y lo usa directamente como nombre de archivo local. Un servidor malicioso o comprometido (o cualquier MITM que pueda comunicarse con el cliente) puede devolver un payload de path traversal como `../../../etc/cron.d/evil` y obligar al cliente a escribir los bytes descargados en una ubicación arbitraria del disco. Esto se solucionó en la versión 4.6.1.dev138."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"CybercentreCanada","product":"assemblyline","versions":[{"version":"< 4.6.1.dev138","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-11T14:07:26.606408Z","id":"CVE-2025-55013","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://github.com/CybercentreCanada/assemblyline-service-client/commit/351414e7e96cc1f5640ae71ae51b939e8ba30900","source":"security-advisories@github.com"},{"url":"https://github.com/CybercentreCanada/assemblyline/security/advisories/GHSA-75jv-vfxf-3865","source":"security-advisories@github.com"}]}}]}