Incorrect Provision of Specified Functionality
CVE-2025-66384
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- HIGH
- LOW
- LOW
CWE-684 - Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage.
References
Advisory Timeline
- Published
