{"id":26070,"date":"2025-04-18T01:04:46","date_gmt":"2025-04-18T01:04:46","guid":{"rendered":""},"modified":"2025-05-06T18:22:23","modified_gmt":"2025-05-06T18:22:23","slug":"cve-2025-29017-remote-code-execution-in-code-astro-internet-banking-system-2-0-0","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-29017-remote-code-execution-in-code-astro-internet-banking-system-2-0-0\/","title":{"rendered":"CVE-2025-29017: Remote Code Execution in Code Astro Internet Banking System 2.0.0<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A serious security vulnerability, identified as CVE-2025-29017, has been detected in the Code Astro Internet Banking System 2.0.0. This flaw allows malicious actors to execute arbitrary code remotely on the affected systems. The vulnerability arises due to improper validation of file uploads<\/a> in the profile_pic parameter within pages_view_client.php. This vulnerability affects all users<\/a> of the Code Astro Internet Banking System 2.0.0 and can lead to system compromise or data leakage. It highlights the broader issue of the need for rigorous security practices in the development of internet banking systems<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-29017
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise and potential data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n