
CVE-2025-54307: n/a

Published: Thu Dec 04 2025 (12/04/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server. The plupload_file_upload function handles these file uploads and constructs the destination file path by using either the name parameter or the uploaded filename, neither of which is properly sanitized. The file extension is extracted by splitting the filename, and a format string is used to construct the final file path, leaving the destination path vulnerable to path traversal. An authenticated attacker with network connectivity can write arbitrary files to the server, enabling remote code execution after overwriting an executable file. An example is the pdflatex executable, which is executed through subprocess.Popen in the write_report_pdf function after requests to a /report/latex/(\d+).pdf endpoint.

AI-Powered Analysis

Last updated: 12/04/2025, 15:32:03 UTC

Technical Analysis

The vulnerability CVE-2025-54307 affects Thermo Fisher's Torrent Suite Django application version 5.18.1, specifically the endpoints /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/. These endpoints allow authenticated low-privilege users to upload ZIP files to the server. The core issue lies in the plupload_file_upload function, which constructs the destination file path using the filename or a name parameter without proper sanitization. The filename is split to extract the extension, and a format string is used to build the final path, leaving the system vulnerable to path traversal attacks. By exploiting this, an attacker can write arbitrary files anywhere on the server's filesystem, including overwriting executable files. A notable example is the pdflatex executable, which is called via subprocess.Popen in the write_report_pdf function when generating PDF reports through the /report/latex/(\d+).pdf endpoint. Overwriting pdflatex or similar executables enables remote code execution, allowing attackers to run arbitrary commands with the application's privileges. Exploitation requires authentication and network access but no additional user interaction. No CVSS score has been assigned yet, but the vulnerability is critical due to the potential for full system compromise. No known exploits are currently in the wild, but the risk is significant given the nature of the flaw and the sensitive environments where this software is deployed.

Potential Impact

European organizations using Thermo Fisher Torrent Suite, particularly in healthcare, clinical research, and biotechnology sectors, face severe risks from this vulnerability. Successful exploitation can lead to remote code execution, allowing attackers to compromise confidentiality, integrity, and availability of critical systems. This could result in unauthorized access to sensitive patient data, manipulation or destruction of research data, disruption of clinical workflows, and potential regulatory non-compliance under GDPR. The ability to overwrite executables and execute arbitrary code elevates the threat to critical severity, potentially enabling lateral movement within networks and persistent footholds. Given the reliance on this software in regulated environments, the impact extends beyond technical damage to include reputational harm and legal consequences. The requirement for authentication limits exposure but does not eliminate risk, as insider threats or compromised credentials could be leveraged. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.

Mitigation Recommendations

1. Immediately restrict upload permissions to only trusted, high-privilege users and monitor upload endpoints for unusual activity.
2. Implement strict server-side validation and sanitization of all filename inputs to prevent path traversal, including rejecting filenames containing directory traversal sequences (e.g., ../).
3. Employ allowlists for acceptable file extensions and names to limit upload scope.
4. Isolate the execution environment for subprocess calls like pdflatex using containerization or sandboxing to minimize impact if exploited.
5. Monitor filesystem integrity, especially for critical executables, using file integrity monitoring tools to detect unauthorized changes.
6. Enforce strong authentication mechanisms, including multi-factor authentication, to reduce risk from compromised credentials.
7. Regularly audit and update the application and underlying dependencies; apply vendor patches promptly once available.
8. Conduct penetration testing focused on file upload functionalities to identify and remediate similar vulnerabilities.
9. Educate administrators and users about the risks of file upload vulnerabilities and suspicious activity indicators.
10. Consider network segmentation to limit access to the vulnerable application from untrusted networks.
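The following is an added example, not Torrent Suite code, showing how a plupload-style ZIP handler can build its destination path so that steps 2 and 3 above hold: the client-supplied name is rejected if it carries any separator or traversal sequence, the extension is allowlisted rather than trusted, and the final path is checked to stay inside the upload root before any write. The upload root, the allowlist and all function names are assumptions.

```python
import os
import re
import secrets

# Assumed upload directory and extension allowlist (not from the advisory).
UPLOAD_ROOT = "/var/tmp/plugin_uploads"
ALLOWED_EXTENSIONS = {"zip"}
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9_.-]")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied name cannot be used safely."""


def sanitize_filename(raw: str) -> str:
    """Reduce an untrusted name to a flat basename with an allowed extension."""
    if not raw or "\x00" in raw:
        raise UnsafeFilename("empty or NUL-containing name")
    # Step 2: reject, rather than strip, separators and traversal sequences.
    if "/" in raw or "\\" in raw or ".." in raw:
        raise UnsafeFilename(f"traversal or separator in name: {raw!r}")
    if raw.startswith("."):
        raise UnsafeFilename("hidden or relative name rejected")
    stem, dot, ext = raw.rpartition(".")
    if not dot or not stem:
        raise UnsafeFilename("missing extension")
    ext = ext.lower()
    # Step 3: only allowlisted extensions are accepted.
    if ext not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename(f"extension not allowed: {ext}")
    stem = _UNSAFE_CHARS.sub("_", stem)[:64] or "upload"
    return f"{stem}.{ext}"


def safe_destination(raw_name: str, root: str = UPLOAD_ROOT) -> str:
    """Build the destination path and prove it resolves inside root.
    A random suffix prevents clobbering an existing file of the same name."""
    stem, ext = sanitize_filename(raw_name).rsplit(".", 1)
    candidate = os.path.join(root, f"{stem}-{secrets.token_hex(4)}.{ext}")
    real_root = os.path.realpath(root)
    real_dest = os.path.realpath(candidate)
    # Containment check on the resolved path, independent of the string checks.
    if os.path.commonpath([real_root, real_dest]) != real_root:
        raise UnsafeFilename("destination escapes upload root")
    return real_dest


def is_safe_name(raw: str) -> bool:
    """True if raw would be accepted by safe_destination, False otherwise."""
    try:
        safe_destination(raw)
    except UnsafeFilename:
        return False
    return True
```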


Technical Details

Data Version
5.2
Assigner Short Name
mitre
Date Reserved
2025-07-18T00:00:00.000Z
Cvss Version
null
State
PUBLISHED

Threat ID: 6931a58504d931fa5b3e25d4

Added to database: 12/4/2025, 3:15:17 PM

Last enriched: 12/4/2025, 3:32:03 PM

Last updated: 12/4/2025, 5:52:58 PM


