Missing Authentication Issues in django-mdeditor by Pylixm
CVE-2025-13030

5.1MEDIUM

Key Information:

Vendor: Pylixm
Status: Django-mdeditor
Vendor: CVE Published:; 30 April 2026

What is CVE-2025-13030?

The django-mdeditor library is susceptible to a significant security flaw that allows unauthorized users to upload potentially harmful files through the image upload endpoint. This vulnerability arises from a lack of authentication and inadequate sanitization of file names, enabling attackers to execute arbitrary code. Without proper mitigations, systems using this package may face severe security risks, emphasizing the need for immediate updates and security best practices.

Affected Version(s)

django-mdeditor 0

References

https://security.snyk.io/vuln/SNYK-PYTHON-DJANGOMDEDITOR-...

https://github.com/pylixm/django-mdeditor/blob/e8dd73fb85...

https://github.com/pylixm/django-mdeditor/issues/151

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Nov 11, 2025

Credit

Jeager Coder

CVE-2025-13030 Data

JSON