Localhost Bypass Vulnerability in Pyload Application
CVE-2025-7346

8.7HIGH

Key Information:

Vendor: Pyload
Status: Pyload
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-7346?

A vulnerability in the Pyload application allows unauthenticated attackers to bypass localhost restrictions, enabling them to create arbitrary packages. This issue poses a significant security risk as it could lead to unauthorized access and manipulation of application packages, potentially compromising the integrity of the system.

Affected Version(s)

Pyload 0 <= 0.5.0b3.dev77

References

https://github.com/pyload/pyload/security/advisories/GHSA...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 8, 2025