CVE-2025-55156

Published: Aug 12, 2025
Updated: Aug 20, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55156" target="_blank" rel="noopener"> CVE-2025-55156
GHSA: <a href="https://github.com/advisories/GHSA-pwh4-6r3m-j2rf" target="_blank" rel="noopener"> GHSA-pwh4-6r3m-j2rf
Severity: High
Exploit:

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91.