Insufficient Input Validation in pyLoad Web Interface
CVE-2025-61773

8.1 HIGH

Key Information:

Vendor

Pyload

Status
Vendor
CVE Published: 9 October 2025

What is CVE-2025-61773?

The web interface of pyLoad, a popular open-source download manager, performs insufficient input validation in two places: the Captcha script endpoint and the Click'N'Load (CNL) blueprint. User-supplied parameters are not properly validated and sanitized before processing, so a malicious user can inject arbitrary content into the application's user interface or disrupt request handling. By submitting crafted payloads, an attacker can execute client-side code or induce other unintended behaviors. The CNL blueprint is particularly vulnerable because of its improper handling of untrusted data. The issue has been addressed in pyLoad version 0.5.0b3.dev91.

Affected Version(s)

pyload < 0.5.0b3.dev91

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
