CVE-2025-50688

Name: CVE-2025-50688
Creator: NVD / NIST
Published: 2025-08-05T18:15:32.083+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 4.81%

Last modified Jun 17, 2026

CVE-2025-50688 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). EPSS estimates a 4.81% chance of exploitation in the next 30 days.

Description

A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a specially crafted HTTP PUT request to upload a malicious file (e.g., a reverse shell script). Once uploaded, the attacker can trigger the execution of arbitrary commands on the target system, allowing for remote code execution. This could lead to escalation of privileges depending on the privileges of the web server process. The attack does not require physical access and can be conducted remotely, posing a significant risk to the confidentiality and integrity of the system.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Probability

4.81%

90.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-77

Affected Software

Vendor	Product	Versions
Twistedmatrix	Twistedweb	14.0.0

References

https://medium.com/@Justinsecure/chained-rce-on-twistedweb-14-0-0-via-command-injection-and-unauthenticated-put-1aa657995b4eExploit, Third Party Advisory
https://twisted.org/documents/14.0.0/index.htmlProduct

Timeline

Published: Aug 5, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-50688?

How severe is CVE-2025-50688?

CVE-2025-50688 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 4.81% probability of exploitation in the next 30 days.

How do I fix CVE-2025-50688?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-50688?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST