{"id":"PYSEC-2025-114","details":"A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.","aliases":["CVE-2024-55028"],"modified":"2026-05-21T15:00:12.567053347Z","published":"2025-03-25T21:15:41.467Z","references":[{"type":"EVIDENCE","url":"https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3/"}],"affected":[{"package":{"name":"fprime","ecosystem":"PyPI","purl":"pkg:pypi/fprime"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"3.4.3"}]}],"versions":["1.5.4.dev0"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/fprime/PYSEC-2025-114.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}