CVE-2025-54307: n/a
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint.
AI Analysis
Technical Summary
CVE-2025-54307 affects Thermo Fisher's Torrent Suite Django application version 5.18.1, specifically the endpoints /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/. These endpoints allow authenticated users with low privileges to upload ZIP files to the server. The vulnerability arises because the plupload_file_upload function constructs the destination file path using the filename or a name parameter without proper sanitization, leading to a path traversal (CWE-22) vulnerability. Attackers can manipulate the filename to traverse directories and overwrite arbitrary files on the server. The application uses the pdflatex executable to generate PDF reports via subprocess.Popen calls triggered by requests to /report/latex/(\d+).pdf. By overwriting pdflatex or other executables, an attacker can achieve remote code execution (RCE). The vulnerability requires authentication but no additional user interaction, making it easier to exploit in environments where attackers have valid credentials or compromised accounts. The CVSS 3.1 score is 8.8 (High), with network attack vector, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No public exploits are known yet, but the risk is significant due to the potential for RCE and critical system compromise.
Potential Impact
For European organizations, especially those in healthcare, biotechnology, and research sectors that rely on Thermo Fisher's Torrent Suite for genomic and clinical data analysis, this vulnerability poses a severe threat. Exploitation could lead to unauthorized access to sensitive patient or research data, manipulation or destruction of critical files, and disruption of essential services. The ability to execute arbitrary code remotely could allow attackers to establish persistent footholds, move laterally within networks, and exfiltrate confidential information. This could result in regulatory non-compliance with GDPR, financial penalties, reputational damage, and operational downtime. Given the critical role of such software in clinical workflows, the impact on patient care and research integrity could be substantial. Additionally, the vulnerability could be leveraged in targeted attacks against European biotech firms or research institutions, potentially linked to geopolitical espionage or sabotage.
Mitigation Recommendations
To mitigate CVE-2025-54307, organizations should immediately restrict access to the vulnerable upload endpoints to only trusted administrators and monitor for unusual upload activity. Implement strict input validation and sanitization on all filename parameters to prevent path traversal, including rejecting filenames containing directory traversal sequences or unexpected characters. Employ allowlisting of file extensions and enforce storage of uploaded files in isolated, non-executable directories. Patch or upgrade the Torrent Suite application as soon as a vendor fix becomes available. In the interim, consider disabling the vulnerable upload functionality if feasible. Monitor server logs for suspicious subprocess executions, especially involving pdflatex or other executables. Use application-layer firewalls or web application firewalls (WAFs) to detect and block exploitation attempts. Conduct regular audits of file system integrity and implement endpoint detection and response (EDR) solutions to identify anomalous behavior indicative of compromise.
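The technical summary above describes the weak pattern (extension taken by splitting the raw name, destination built with a format string) and the mitigation section asks for filename validation, an extension allowlist and isolated storage. The following is an added example of how such a hardened destination builder can look; it is not Torrent Suite code, and the upload root, the allowlist and the sample names are constructed assumptions for illustration.

```python
import os
import re
from pathlib import Path

# Constructed for this example: the upload root and the extension allowlist
# are assumptions, not values taken from Torrent Suite.
UPLOAD_ROOT = "/var/tmp/example_uploads"
ALLOWED_EXTENSIONS = {".zip"}

# One plain filename stem: no leading dot, bounded length, safe characters only.
_SAFE_STEM = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename cannot become a safe path."""


def safe_destination(client_name, upload_root=UPLOAD_ROOT):
    """Return an absolute path inside upload_root for a client-supplied
    filename, or raise UnsafeFilename.

    The advisory's weak pattern split the raw name for its extension and
    pasted it into a format string. This version refuses anything that is
    not a single, plain filename, allowlists the extension, and finally
    proves that the resolved path still lies under the upload root. The
    checks are independent, so loosening one does not disable the rest.
    """
    if not isinstance(client_name, str) or not client_name:
        raise UnsafeFilename("empty filename")
    if "\x00" in client_name:
        raise UnsafeFilename("NUL byte in filename")
    # A bare filename never contains a separator; reject rather than strip,
    # so that traversal attempts fail loudly and show up in the logs.
    if "/" in client_name or "\\" in client_name:
        raise UnsafeFilename("path separator in filename")

    stem, ext = os.path.splitext(client_name)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename("extension not allowed: %r" % ext)
    if not _SAFE_STEM.match(stem):
        raise UnsafeFilename("disallowed characters in name: %r" % stem)

    root = Path(upload_root).resolve()
    candidate = (root / (stem + ext.lower())).resolve()
    # Containment check on the resolved path: the backstop that still holds
    # if the allowlist above is later relaxed.
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UnsafeFilename("destination escapes upload root") from None
    return str(candidate)


def check_upload_name(client_name, upload_root=UPLOAD_ROOT):
    """Non-raising wrapper: (True, path) if accepted, (False, reason) if not."""
    try:
        return True, safe_destination(client_name, upload_root)
    except UnsafeFilename as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample names, as a client might send them in the "name"
    # parameter or as the multipart filename.
    samples = ["plugin.zip", "bundle.tar.zip", "../../tmp/x.zip",
               "..\\x.zip", "pdflatex", "evil.zip\x00.txt", ".hidden.zip"]
    for name in samples:
        ok, detail = check_upload_name(name)
        print("%-22r %s %s" % (name, "ACCEPT" if ok else "REJECT", detail))
```

Rejected names are returned with a reason rather than silently normalised, so the calling view can log them; a burst of rejections on the upload endpoints is itself a useful signal for the monitoring the mitigation section recommends. The upload root should additionally be mounted or configured without execute permission, which this function cannot enforce on its own.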
Affected Countries
Germany, United Kingdom, France, Netherlands, Switzerland, Belgium, Sweden, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-07-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6931a58504d931fa5b3e25d4
Added to database: 12/4/2025, 3:15:17 PM
Last enriched: 12/11/2025, 10:03:46 PM
Last updated: 1/19/2026, 6:57:22 AM