Parameter Injection Vulnerability in TAGFREE X-Free Uploader by TAGFREE
CVE-2025-29866

8.8HIGH

Key Information:

Vendor: Tagfree
Status: X-free Uploader
Vendor: CVE Published:; 7 August 2025

What is CVE-2025-29866?

An external control of file name or path vulnerability has been identified in the TAGFREE X-Free Uploader, enabling attackers to exploit parameter injection. This vulnerability manifests in specific versions of the X-Free Uploader software, allowing unauthorized manipulation of file paths. Users are urged to upgrade to the latest versions to mitigate potential risks associated with this security flaw.

Affected Version(s)

X-Free Uploader 1.0.1.0084 < 1.0.1.0085

X-Free Uploader 2.0.1.0034 < 2.0.1.0035

References

https://www.boho.or.kr/kr/bbs/view.do?searchCnd=&bbsId=B0...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Mar 12, 2025

Tagfree

What is CVE-2025-29866?

Affected Version(s)

References

CVSS V4

Timeline