CVE-2025-50688

6.5 MEDIUM

📋 TL;DR

This CVE describes a command injection vulnerability in TwistedWeb 14.0.0 that allows remote attackers to execute arbitrary commands on affected systems via specially crafted HTTP PUT requests. The vulnerability affects systems running TwistedWeb 14.0.0 with file upload functionality enabled, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • TwistedWeb
Versions: 14.0.0
Operating Systems: All platforms running TwistedWeb
Default Config Vulnerable: ⚠️ Yes
Notes: Requires file upload functionality to be enabled and accessible via HTTP PUT requests.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with the attacker gaining root/system-level access, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Web server process compromise leading to data theft, service disruption, and potential privilege escalation to higher system privileges.

🟢 If Mitigated

Limited impact with proper network segmentation, minimal web server privileges, and input validation controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HTTP PUT requests but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.0.1 or later

Vendor Advisory: https://twisted.org/documents/14.0.0/index.html

Restart Required: No

Instructions:

1. Upgrade TwistedWeb to version 14.0.1 or later.
2. Verify the upgrade completed successfully.
3. Test file upload functionality to ensure it works properly.

🔧 Temporary Workarounds

Disable HTTP PUT method

Platform: all

Block or disable HTTP PUT requests to prevent file upload exploitation.

# Configure web server to reject PUT requests
# Example for nginx: limit_except GET POST { deny all; }

Implement input validation

Platform: all

Add server-side validation for file uploads to reject malicious content.

# Implement file type validation and sanitization
# Example Python: validate file extension and content
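Both workarounds above (rejecting PUT, and validating what a permitted PUT may write) can be applied in the request handler itself before anything touches the filesystem. The following is an added example, not code from the Twisted project or from this advisory; it is framework-agnostic, so it can be called from a Twisted `render_PUT` or any other handler, and the method allowlist, extension allowlist, size limit and `/srv/uploads` root are assumed policy values chosen for illustration.

```python
"""Server-side checks for an HTTP PUT upload handler (added example)."""
import os
import re
from typing import Optional, Tuple

# Assumed policy values (not from the advisory): tune to the deployment.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}          # PUT is rejected unless enabled
ALLOWED_EXTENSIONS = {".txt", ".png", ".jpg", ".pdf"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
# One safe basename: alphanumeric start, then only [A-Za-z0-9._-].
# Rejects "..", spaces, separators and shell metacharacters outright.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")
UPLOAD_ROOT = "/srv/uploads"   # placeholder upload directory


def check_method(method: str, put_enabled: bool = False) -> Tuple[bool, str]:
    """Workaround 1: refuse PUT unless the deployment explicitly needs it."""
    allowed = ALLOWED_METHODS | ({"PUT"} if put_enabled else set())
    if method.upper() not in allowed:
        return False, "405 Method Not Allowed"
    return True, "ok"


def safe_upload_path(requested: str) -> Optional[str]:
    """Workaround 2: reduce the client-controlled name to a single safe
    basename under UPLOAD_ROOT; return None if it cannot be trusted."""
    name = requested.rsplit("/", 1)[-1]           # drop any directory part
    if not SAFE_NAME.match(name):
        return None
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        return None
    full = os.path.normpath(os.path.join(UPLOAD_ROOT, name))
    # Belt and braces: the final path must still be under the upload root.
    if os.path.commonpath([UPLOAD_ROOT, full]) != UPLOAD_ROOT:
        return None
    return full


def validate_put(method: str, requested: str, body: bytes,
                 put_enabled: bool = True) -> Tuple[int, str]:
    """Return the (HTTP status, reason-or-target) a handler should use
    before writing anything to disk."""
    ok, why = check_method(method, put_enabled)
    if not ok:
        return 405, why
    if len(body) > MAX_UPLOAD_BYTES:
        return 413, "payload too large"
    target = safe_upload_path(requested)
    if target is None:
        return 400, "unacceptable file name"
    return 201, target


if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    for m, p in [("PUT", "/upload/report.txt"),
                 ("PUT", "/upload/../../etc/x.txt"),
                 ("PUT", "/upload/run;id.txt"),
                 ("PUT", "/upload/run.sh")]:
        print(m, p, "->", validate_put(m, p, b"data"))
```

Note that a traversal attempt such as `/upload/../../etc/x.txt` is neutralised rather than rejected: only the final basename survives, and it is written under the upload root. Rejecting it outright (and logging it) is the stricter choice if the deployment prefers alerts over silent normalisation.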

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Run TwistedWeb with minimal privileges (non-root user)

🔍 How to Verify

Check if Vulnerable:

Check TwistedWeb version and verify if running 14.0.0 with file upload enabled.

Check Version:

python -c "import twisted; print(twisted.__version__)"

Verify Fix Applied:

Verify TwistedWeb version is 14.0.1 or later and test file upload functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP PUT requests with suspicious file names
  • Multiple failed upload attempts
  • Commands executed from web server process

Network Indicators:

  • HTTP PUT requests to upload endpoints with unusual payloads
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" method="PUT" (file_extension="*.sh" OR file_extension="*.py" OR file_extension="*.exe")
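The SIEM query above covers one of the log indicators; the following added example (not from the advisory or the Twisted project) runs the same kind of check offline over access-log lines in Combined Log Format, covering the listed indicators together: PUT requests with script-like extensions, path-traversal or shell-metacharacter markers in the requested path, and repeated failed PUTs from one client. The log lines are constructed for illustration and the failure threshold is an assumption.

```python
"""Flag PUT-request indicators in web access logs (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
SUSPICIOUS_EXT = (".sh", ".py", ".exe")      # mirrors the SIEM query above
SHELL_MARKERS = (";", "|", "`", "$", "%3b", "%7c", "%60", "%24")
FAILED_THRESHOLD = 3                          # assumed: failed PUTs per client

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "PUT /upload/notes.txt HTTP/1.1" 201 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "PUT /upload/cmd.sh HTTP/1.1" 201 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "PUT /upload/a;id.txt HTTP/1.1" 400 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:04 +0000] "PUT /upload/b.txt HTTP/1.1" 403 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "PUT /upload/../x.txt HTTP/1.1" 404 0',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_request(entry: Dict[str, str]) -> List[str]:
    """Per-request indicators; only PUT requests are of interest here."""
    reasons: List[str] = []
    if entry["method"] != "PUT":
        return reasons
    path = entry["path"].lower()
    if path.endswith(SUSPICIOUS_EXT):
        reasons.append("put-script-extension")
    if "/../" in path or "%2e%2e" in path or "..%2f" in path:
        reasons.append("put-path-traversal")
    if any(marker in path for marker in SHELL_MARKERS):
        reasons.append("put-shell-metachar")
    return reasons


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run per-request rules plus the 'multiple failed uploads' rule."""
    alerts: List[Dict[str, str]] = []
    failed_puts: Counter = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue                      # unparseable lines are skipped, not alerted
        for reason in flag_request(entry):
            alerts.append({"ip": entry["ip"], "path": entry["path"], "reason": reason})
        if entry["method"] == "PUT" and entry["status"][0] in "45":
            failed_puts[entry["ip"]] += 1
    for ip, n in failed_puts.items():
        if n >= FAILED_THRESHOLD:
            alerts.append({"ip": ip, "path": "*", "reason": f"put-failed-x{n}"})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The benign PUT of `notes.txt` from 10.0.0.9 produces no alert, while the single client 198.51.100.7 triggers all four rules; in practice the per-request rules and the failure-count rule are worth tuning separately, since legitimate clients retrying a rejected upload will hit the threshold long before they write a script.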

🔗 References
