2 matches found
CVE-2025-67720 Pyrofork has a Path Traversal in download_media Method
Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the downloadmedia method before using them in file path construction. When downloading media, if the user does not specify a custom filename...
CVE-2025-67720
CVE-2025-67720 affects Pyrofork, an asynchronous MTProto API framework for Python. The vulnerability occurs in the download_media path when a user-supplied Telegram filename is used to construct the target path without adequate sanitization. Versions 2.3.68 and earlier may fall back to the media’...