Impact
Aperi'Solve, an open-source steganalysis web platform, is vulnerable in versions 3.1.3 through 3.2.0. The flaw occurs when an optional password supplied during a JPEG upload is passed unsanitized into an expect command and then into a bash -c, enabling root-level RCE inside the worker container with a single HTTP request. An unauthenticated attacker can read, modify, or delete any file in the container, including user images, analysis results, and plaintext steganography passwords stored on disk. Because the container shares an unauthenticated Docker network with PostgreSQL and Redis, the attacker can pivot to dump the entire database or manipulate the job queue to poison results for other users. If Docker socket or host volume mounts are exposed, the flaw could elevate to full host compromise, allowing defacement of the website. The vulnerability is fixed in version 3.2.1.
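The root cause above is a user-controlled string reaching a shell. The following is an added example, not Aperi'Solve's own code, contrasting that weak pattern with the hardened one: the password is validated and handed to the helper tool as a single argv element, so no shell (and no expect/bash -c layer) ever parses it. The tool name `stegtool` and its flags are hypothetical.

```python
"""Added example (not from the Aperi'Solve project): keeping an untrusted
steganography password out of any shell when invoking a helper tool."""
import shlex
import subprocess
from typing import List

MAX_PASSWORD_LEN = 256  # assumed limit, chosen for this example


def unsafe_command(image: str, password: str) -> str:
    # The weak pattern: the password is interpolated into a string that a
    # shell will parse. Whitespace, quotes, ';' or '$(...)' inside it change
    # the command line instead of staying part of the password.
    return f"stegtool extract -sf {image} -p {password}"


def safe_argv(image: str, password: str) -> List[str]:
    # Hardened pattern: validate first, then build an argv list. The password
    # stays one element and is never re-parsed by a shell.
    if not password or len(password) > MAX_PASSWORD_LEN:
        raise ValueError("password length out of range")
    if any(ord(c) < 0x20 or c == "\x7f" for c in password):
        raise ValueError("control characters are not allowed")
    return ["stegtool", "extract", "-sf", image, "-p", password]


def run_extract(image: str, password: str) -> subprocess.CompletedProcess:
    # shell=False (the default) passes the list straight to execve(); there is
    # no intermediate shell, so metacharacters in `password` are inert.
    return subprocess.run(
        safe_argv(image, password), capture_output=True, text=True, check=False
    )


def words_seen_by_shell(cmd: str) -> int:
    # How many words a POSIX shell would split the command into; a count
    # larger than the intended argument count shows the password leaked
    # into the command structure.
    return len(shlex.split(cmd))
```

`words_seen_by_shell` is only a diagnostic for the weak form; the hardened path never produces a shell string at all.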
Affected Systems
The vulnerability affects versions of Zeecka’s AperiSolve platform from 3.1.3 through 3.2.0. Attackers need only the open web interface; no special credentials are required. The flaw is present in all installations that use the default Docker networking without authentication to PostgreSQL or Redis.
Risk and Exploitability
The flaw has a CVSS score of 9.3, indicating critical severity. Its EPSS score is below 1%, suggesting a very low but nonzero probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog; exploitation nonetheless requires only a single unauthenticated HTTP request. Because the affected code executes commands as root inside the worker container, an attacker can achieve full read/write access there and, depending on host exposure, potentially pivot to the underlying host system. The risk remains high until the fixed 3.2.1 release is applied.
OpenCVE Enrichment