Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-31002

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Using Malicious Files. This issue affects Squeeze: from n/a through 1.6.

References

https://patchstack.com/database/wordpress/plugin/squeeze/vulnerability/wordpres… vdb-entry

Affected products

squeeze

=<1.6

Matching in nixpkgs

pkgs.squeezelite

Lightweight headless squeezebox client emulator

nixos-unstable -
- nixpkgs-unstable 2.0.0.1541

pkgs.squeezelite-pulse

Lightweight headless squeezebox client emulator

nixos-unstable -
- nixpkgs-unstable 2.0.0.1541

pkgs.postgresqlPackages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.python312Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

nixos-unstable -
- nixpkgs-unstable 0.12.1

pkgs.python313Packages.pysqueezebox

Asynchronous library to control Logitech Media Server

nixos-unstable -
- nixpkgs-unstable 0.12.1

pkgs.postgresql13Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.postgresql14Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.postgresql15Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.postgresql16Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.postgresql18Packages.pg_squeeze

PostgreSQL extension for automatic bloat cleanup

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.home-assistant-component-tests.squeezebox

Open source home automation that puts local control and privacy first

nixos-unstable -
- nixpkgs-unstable 2025.9.3

Package maintainers

@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@nyanloutre Paul Trehiou <paul@nyanlout.re>
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.squeezelite

pkgs.squeezelite-pulse

pkgs.postgresqlPackages.pg_squeeze

pkgs.python312Packages.pysqueezebox

pkgs.python313Packages.pysqueezebox

pkgs.postgresql13Packages.pg_squeeze

pkgs.postgresql14Packages.pg_squeeze

pkgs.postgresql15Packages.pg_squeeze

pkgs.postgresql16Packages.pg_squeeze

pkgs.postgresql18Packages.pg_squeeze

pkgs.home-assistant-component-tests.squeezebox

Package maintainers