CVE-2025-9173
Unknown
Last modified
CVE-2025-9173 is a vulnerability of currently unknown severity. Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none.
Description
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
Timeline
- Published
- Last Modified
- Status
- Rejected
Frequently Asked Questions
What is CVE-2025-9173?
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The file upload in include/service/media.php verifies the file extension based on a list defined in include/lib/option.php. This whitelist prevents unrestricted uploads (e.g. PHP files). Therefore, the attack possibility is just of theoretical nature.
How severe is CVE-2025-9173?
Severity scoring for CVE-2025-9173 is pending analysis.
How do I fix CVE-2025-9173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2025-9173?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST