CVE-2025-3324

6.3 MEDIUM

📋 TL;DR

CVE-2025-3324 is a critical unrestricted file upload vulnerability in Nimrod 0.8's FileRestController.java that allows remote attackers to upload arbitrary files. This can lead to remote code execution or server compromise. Anyone running vulnerable Nimrod instances is affected.

💻 Affected Systems

Products:
  • godcheese/code-projects Nimrod
Versions: 0.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Nimrod instances with FileRestController.java functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Webshell deployment allowing persistent backdoor access, file system manipulation, and potential privilege escalation.

🟢 If Mitigated

Upload attempts blocked at WAF level with no successful exploitation, though attack attempts may still be logged.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit is available on GitHub, making this easy for attackers to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Check for an official patch from the godcheese/code-projects repository.
2. If a patch is available, apply it and restart the Nimrod service.
3. Verify the fix by testing the file upload functionality.

🔧 Temporary Workarounds

WAF File Upload Filtering (all)

Configure the web application firewall to block malicious file uploads based on file extensions and content.

Disable File Upload Endpoint (all)

Temporarily disable or restrict access to the vulnerable FileRestController endpoint.

🧯 If You Can't Patch

  • Implement strict file upload validation at the reverse proxy/WAF layer
  • Isolate the Nimrod instance in a network segment with minimal access

🔍 How to Verify

Check if Vulnerable:

Test file upload functionality with malicious file extensions (.jsp, .php, .exe) to see if they're accepted.

Check Version:

Check Nimrod version in application configuration or via API endpoint if available.

Verify Fix Applied:

Attempt the same malicious file uploads after remediation; they should be rejected with proper validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with suspicious extensions
  • Multiple failed upload attempts
  • Successful uploads of executable files

Network Indicators:

  • HTTP POST requests to file upload endpoints with unusual file types
  • Traffic patterns indicating file upload exploitation

SIEM Query:

source="nimrod" AND (http_method="POST" AND uri="*upload*" AND (file_extension="jsp" OR file_extension="php" OR file_extension="exe"))
