Mageia 9: 2025-0174 critical: deluge SSRF and RCE issues

mageia

May 31, 2025

Limited unauthenticated file read in /flag

Summary

Limited unauthenticated file read in /flag. (CVE-2025-46561) New version check over unencrypted channel. (CVE-2025-46562) SSRF with information leak and limited unauthenticated file write. (CVE-2025-46563) Unauthenticated file read in /js may lead to RCE. (CVE-2025-46564) Mageia internal bug: deluge-daemon.service was not working; the update fixes this issue.

References

- https://bugs.mageia.org/show_bug.cgi?id=34274

- https://www.cve.org/CVERecord?id=CVE-2025-46561

- https://www.cve.org/CVERecord?id=CVE-2025-46562

- https://www.cve.org/CVERecord?id=CVE-2025-46563

- https://www.cve.org/CVERecord?id=CVE-2025-46564

Topics Covered

security advisory security issue information leak remote code execution file read Mageia

Resolution

SRPMS

- 9/core/deluge-2.2.0-1.5.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 31 May 2025

URL: https://advisories.mageia.org/MGASA-2025-0174.html

Type: security

CVE: CVE-2025-46561, CVE-2025-46562, CVE-2025-46563, CVE-2025-46564

Topics Covered

security advisory security issue information leak remote code execution file read Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: 2025-0174 critical: deluge SSRF and RCE issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: 2025-0174 critical: deluge SSRF and RCE issues

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!