{"id":74185,"date":"2025-09-11T17:46:45","date_gmt":"2025-09-11T17:46:45","guid":{"rendered":""},"modified":"2025-09-27T15:39:19","modified_gmt":"2025-09-27T21:39:19","slug":"cve-2025-58819-unrestricted-file-upload-vulnerability-in-creedally-bulk-featured-image","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58819-unrestricted-file-upload-vulnerability-in-creedally-bulk-featured-image\/","title":{"rendered":"CVE-2025-58819: Unrestricted File Upload Vulnerability in CreedAlly Bulk Featured Image<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-58819 is a critical vulnerability affecting CreedAlly Bulk Featured Image, a popular image handling tool, used in a wide range of web server applications. The vulnerability allows an attacker to upload unrestricted files of a dangerous type, specifically, a web shell, to a web server. This can potentially lead to a catastrophic system compromise or data leakage, posing serious risks to any organization using vulnerable<\/a> versions of this software.
\nThe severity of this vulnerability is high due to the potential for full system<\/a> compromise, and it is therefore crucial that affected organizations take immediate action to mitigate the threat. In this article, we will provide a detailed overview of CVE-2025-58819, covering its potential impacts and providing guidance for mitigating the threat.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-58819
\nSeverity: Critical (CVSS 9.1)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n