CVE-2025-67077

8.8 HIGH

📋 TL;DR

A file upload vulnerability in Omnispace Agora Project allows authenticated users (and sometimes guest users) to upload arbitrary files via the UploadTmpFile action. This could lead to remote code execution or server compromise. All systems running Agora Project before version 25.10 are affected.

💻 Affected Systems

Products:
  • Omnispace Agora Project
Versions: All versions before 25.10
Operating Systems: Any OS running Agora Project
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. Guest user exploitation depends on specific configuration settings.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Unauthorized file upload leading to web shell deployment, data exfiltration, or denial of service.

🟢 If Mitigated: File uploads restricted to authenticated users only with proper file type validation and storage outside web root.

🌐 Internet-Facing: HIGH - Web applications with file upload functionality are prime targets for attackers.
🏢 Internal Only: HIGH - Internal users could exploit this to gain elevated privileges or compromise internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires understanding of the UploadTmpFile action but is straightforward once identified. Guest exploitation may require specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.10

Vendor Advisory: https://www.agora-project.net

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download Agora Project version 25.10 or later.
3. Follow the vendor upgrade instructions.
4. Restart the Agora Project service.
5. Verify the upgrade was successful.

🔧 Temporary Workarounds

Disable UploadTmpFile Action

Platform: all

Temporarily disable the vulnerable UploadTmpFile action until patching can be completed.

# Modify Agora Project configuration to remove or disable UploadTmpFile endpoint

Restrict File Upload Permissions

Platform: all

Configure the web server to block file uploads to the vulnerable endpoint.

# Add web server rule to block POST requests to UploadTmpFile endpoint

🧯 If You Can't Patch

  • Implement strict file type validation and size limits for all uploads
  • Store uploaded files outside web-accessible directories with proper permissions
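The two controls above (strict type and size validation, storage outside the web root with tight permissions) as a worked handler. This is an added example, not Agora Project code and not in the project's language; Python is used only to model the checks. The allowlist, size limit, magic-byte table, the `validate_upload`/`store_upload` names and the upload directory are all assumptions.

```python
# Added example (not Agora Project code): a hardened temporary-upload handler
# modelled on the "If You Can't Patch" controls: extension allowlist, size
# limit, content (magic-byte) check, random server-side name, storage outside
# the web root, and owner-only permissions.
import os
import secrets
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Assumed policy values (not from the advisory).
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
# Magic bytes for the allowed binary types; text types are checked for NUL bytes.
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def validate_upload(client_name: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason-or-extension).

    Only the final extension and the content decide; the client-supplied name
    is otherwise untrusted and is never reused on disk.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "too large"
    # Drop any directory component the client sent (either separator style).
    base = os.path.basename(client_name.replace("\\", "/"))
    if "." not in base:
        return False, "missing extension"
    # Judge by the LAST extension: "x.png.php" is rejected outright, while
    # "x.php.png" must still pass the PNG magic-byte check below.
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed: " + ext
    if ext in MAGIC:
        if not any(data.startswith(m) for m in MAGIC[ext]):
            return False, "content does not match extension"
    elif b"\x00" in data:
        return False, "binary content in text upload"
    return True, ext


def store_upload(client_name: str, data: bytes, upload_root) -> Optional[Path]:
    """Store an accepted upload under upload_root (assumed to be outside the
    web root) under a random name with owner-only permissions.

    Returns the stored path, or None if validation rejected the upload.
    """
    ok, ext = validate_upload(client_name, data)
    if not ok:
        return None
    upload_root = Path(upload_root)
    upload_root.mkdir(parents=True, exist_ok=True)
    dest = upload_root / (secrets.token_hex(16) + "." + ext)
    # O_EXCL: never overwrite an existing file; 0o600: service account only.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    # Constructed location standing in for a directory outside the web root.
    root = Path(tempfile.mkdtemp()) / "agora_tmp_uploads"
    print(validate_upload("report.pdf", b"%PDF-1.7 sample"))
    print(validate_upload("page.php", b"<?php echo 'x'; ?>"))
    print(store_upload("report.pdf", b"%PDF-1.7 sample", root))
```

Because the stored name is generated server-side, a double extension or a traversal prefix in the client's filename never reaches the filesystem, and the directory itself should be served only through an application download handler rather than by the web server directly.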

🔍 How to Verify

Check if Vulnerable:

Check the Agora Project version in the admin interface or configuration files. If the version is below 25.10, the system is vulnerable.

Check Version:

# Check Agora Project version in configuration or via admin interface

Verify Fix Applied:

Verify version is 25.10 or higher in admin interface. Test file upload functionality with restricted file types.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed upload attempts
  • Uploads of unusual file types (e.g., .php, .jsp, .asp)
  • Large file uploads to UploadTmpFile endpoint

Network Indicators:

  • POST requests to UploadTmpFile endpoint with executable file extensions
  • Unusual outbound connections after file uploads

SIEM Query:

source="agora_logs" AND (uri="/UploadTmpFile" OR file_extension IN ("php", "jsp", "asp", "exe"))
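The three log indicators and the SIEM query above, expressed as detection logic run over sample events. This is an added example, not part of the advisory or the project; the JSON field names (`src_ip`, `uri`, `file_name`, `status`, `request_bytes`), the `/UploadTmpFile` path, the thresholds and the sample log lines are all constructed assumptions chosen to match the fields the query uses.

```python
# Added example (not from the advisory or the project): the SIEM query above as
# detection code over constructed JSON-lines events from the upload endpoint.
import json
from collections import Counter

# Assumed field names, path and thresholds; the advisory names only the
# UploadTmpFile action and the risky extensions.
UPLOAD_URI = "/UploadTmpFile"
EXEC_EXTENSIONS = {"php", "phtml", "phar", "jsp", "asp", "aspx", "exe"}
LARGE_UPLOAD_BYTES = 10 * 1024 * 1024
FAILED_UPLOAD_THRESHOLD = 3

# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"src_ip": "10.0.0.5", "method": "POST", "uri": "/UploadTmpFile", "file_name": "quarterly.pdf", "status": 200, "request_bytes": 204800}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/UploadTmpFile", "file_name": "img.php", "status": 200, "request_bytes": 2048}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/UploadTmpFile", "file_name": "avatar.php.png", "status": 200, "request_bytes": 3072}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/UploadTmpFile", "file_name": "a.txt", "status": 403, "request_bytes": 10}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/UploadTmpFile", "file_name": "b.txt", "status": 403, "request_bytes": 10}
{"src_ip": "10.0.0.9", "method": "POST", "uri": "/UploadTmpFile", "file_name": "c.txt", "status": 413, "request_bytes": 10}
{"src_ip": "10.0.0.7", "method": "POST", "uri": "/UploadTmpFile", "file_name": "dump.zip", "status": 200, "request_bytes": 52428800}
{"src_ip": "10.0.0.5", "method": "GET", "uri": "/index.php", "status": 200, "request_bytes": 0}
{"src_ip": "10.0.0.5", "method": "POST", "uri": "/UploadTmpFile", "file_name": "notes.exe", "status": 200, "request_bytes": 500}
"""


def executable_extension(file_name: str) -> str:
    """Return the first executable extension anywhere in the name, or ''.

    Every dot-separated segment after the first is checked, so a disguised
    name such as 'avatar.php.png' is flagged as well as 'img.php'.
    """
    for ext in file_name.lower().split(".")[1:]:
        if ext in EXEC_EXTENSIONS:
            return ext
    return ""


def detect(log_text: str):
    """Return (rule, src_ip, detail) alerts for the three log indicators:
    executable uploads, large uploads, and repeated failed uploads per source."""
    alerts = []
    failed = Counter()
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than stop the pipeline
        if ev.get("uri") != UPLOAD_URI:
            continue
        ip = ev.get("src_ip", "?")
        ext = executable_extension(ev.get("file_name", ""))
        if ev.get("method") == "POST" and ext:
            alerts.append(("executable_upload", ip, ext))
        size = int(ev.get("request_bytes", 0))
        if size >= LARGE_UPLOAD_BYTES:
            alerts.append(("large_upload", ip, size))
        if int(ev.get("status", 0)) >= 400:
            failed[ip] += 1
            if failed[ip] == FAILED_UPLOAD_THRESHOLD:
                alerts.append(("repeated_failed_uploads", ip, failed[ip]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Unlike the one-line query, which matches every hit on the endpoint with an OR, this version scopes all three rules to the upload endpoint and fires the failed-upload rule only once a source crosses the threshold, which keeps the alert volume proportional to the suspicious activity rather than to normal upload traffic.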

🔗 References
