Command Injection Vulnerability in TwistedWeb Affects Remote User Security
CVE-2025-50688

6.5 MEDIUM

Key Information:

Vendor: Twisted

CVE Published: 5 August 2025

What is CVE-2025-50688?

A command injection vulnerability exists in TwistedWeb version 14.0.0 due to inadequate input sanitization in its file upload feature. Attackers can exploit this flaw by sending a specially crafted HTTP PUT request to upload malicious files, including reverse shell scripts. This may allow them to execute arbitrary commands on the affected system, leading to potential privilege escalation based on the web server's process permissions. The attack can be executed remotely, significantly threatening the system's confidentiality and integrity.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
