CVE-2025-59352: CWE-202: Exposure of Sensitive Information Through Data Queries in dragonflyoss dragonfly
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers' secret data and to gain remote code execution (RCE) capabilities on the peer's machine. This vulnerability is fixed in 2.1.0.
AI Analysis
Technical Summary
CVE-2025-59352 affects the open-source Dragonfly project (dragonflyoss/dragonfly) before version 2.1.0. Dragonfly is a peer-to-peer (P2P) file distribution and image acceleration system used to speed up software delivery and container image pulls. According to the advisory, the gRPC and HTTP APIs that peers expose to one another accept requests that make the recipient peer create files at arbitrary file system locations and read arbitrary files. The read primitive lets a malicious peer exfiltrate another peer's secrets (credentials, keys, cached artifacts); the write primitive can be turned into remote code execution on the victim, since an attacker who can place content at a path of their choosing can target locations the host or another service will execute or load. The CVE is tagged CWE-202 (Exposure of Sensitive Information Through Data Queries); the behaviour described, file operations at caller-chosen paths outside the intended storage directory, is the path-traversal pattern catalogued as CWE-22, i.e. missing canonicalisation and containment checks on peer-supplied paths. The published CVSS v4.0 base score is 6.9 (medium). The vector string is not reproduced on this page, so the exact assumptions behind the score are not known; note that a network-reachable issue needing no privileges or user interaction with high confidentiality, integrity and availability impact would score 9.3 under CVSS v4.0, so 6.9 implies the scoring assumed some precondition or lesser impact and should not be read as "unauthenticated RCE from anywhere". The CVE was published on 17 September 2025 and is fixed in Dragonfly 2.1.0. No in-the-wild exploitation is recorded here, but the combination of data theft and code execution on distribution nodes makes this a priority fix for anyone on an affected version.
Potential Impact
For organisations running Dragonfly before 2.1.0 the exposure is twofold. The arbitrary read lets a malicious or compromised peer pull credentials, signing keys, cached images or personal data off other peers, which for European operators can amount to a reportable breach under GDPR. The arbitrary write can be escalated to remote code execution, giving the attacker a foothold on distribution nodes from which to pivot, deploy malware or disrupt delivery. Because Dragonfly sits in the image and artifact delivery path, a compromised peer is also a supply-chain position: it can serve tampered content to the containers and CI/CD pipelines that depend on it. The precondition is that the attacker can reach a peer's gRPC or HTTP API and be treated as a peer; in many deployments that is any host on the cluster network, so a single compromised workload is enough to start. The medium CVSS score understates the cascading effect of code execution on shared infrastructure, and affected organisations should treat the upgrade as urgent.
Mitigation Recommendations
Upgrade every Dragonfly component, peers included, to 2.1.0 or later; that is the only fix the advisory offers. Until the upgrade is complete, treat the peer gRPC and HTTP ports as internal interfaces: restrict them with host firewalls, security groups or network policy so that only known cluster nodes can reach them, and never expose them to workloads or networks you do not control. Generic API gateways give little protection for gRPC traffic between peers, so do not rely on request filtering as a substitute for the upgrade. Run the peer process as an unprivileged user with a read-only root filesystem and only its storage directory writable; this caps what an arbitrary write can reach and is what separates a corrupted cache from a backdoored host. Look for exploitation in process and file-system telemetry rather than in application logs alone: a peer process creating or opening files outside its storage directory, or new files appearing in locations the peer should never touch, is the signature of this bug class, and EDR or file-integrity rules can be scoped to the peer's service account for that purpose. Treat any peer that shows such activity as compromised, rotate credentials stored on or reachable from it, and keep current backups and a response plan for supply-chain and container-infrastructure incidents.
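The fix class for this bug is confinement of peer-supplied paths to the daemon's own storage directory. The following is an added Go example and not Dragonfly's code: the function names, the storage root and the request values are constructed for illustration. It places the unchecked pattern the advisory describes (the requested path is used as-is) beside a hardened version that rejects absolute paths, lexical traversal and symlink escapes, the three ways a peer-controlled path reaches files outside the intended directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a peer-supplied path would resolve
// outside the configured storage directory.
var ErrOutsideRoot = errors.New("requested path escapes the storage root")

// vulnerableOutputPath is the flawed pattern the advisory describes:
// the path a remote peer puts in its request is used as-is, so
// "../../etc/cron.d/x" or "/root/.ssh/authorized_keys" become write targets.
func vulnerableOutputPath(requested string) string {
	return requested
}

// confinedOutputPath resolves a peer-supplied relative path against root and
// returns it only if it lands strictly inside root, both lexically and after
// following any symlinks that already exist on disk.
func confinedOutputPath(root, requested string) (string, error) {
	if requested == "" || filepath.IsAbs(requested) {
		return "", ErrOutsideRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "a/../../etc" collapses and Rel then
	// reports it as "../etc", which is rejected. "." means the root itself,
	// which is not a valid file target either.
	candidate := filepath.Join(absRoot, requested)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil || rel == "." || escapes(rel) {
		return "", ErrOutsideRoot
	}
	// A peer that earlier planted a symlink inside root could otherwise
	// redirect a later, lexically valid write to /etc or similar.
	if err := rejectSymlinkEscape(absRoot, candidate); err != nil {
		return "", err
	}
	return candidate, nil
}

// escapes reports whether a relative path from filepath.Rel climbs above its base.
func escapes(rel string) bool {
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// rejectSymlinkEscape finds the deepest ancestor of candidate that exists,
// resolves its symlinks, and checks that it is still inside the real root.
func rejectSymlinkEscape(absRoot, candidate string) error {
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return err // the storage root is expected to exist
	}
	existing := candidate
	for {
		if _, err := os.Lstat(existing); err == nil {
			break
		}
		parent := filepath.Dir(existing)
		if parent == existing {
			return ErrOutsideRoot
		}
		existing = parent
	}
	realExisting, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return err
	}
	rel, err := filepath.Rel(realRoot, realExisting)
	if err != nil || escapes(rel) {
		return ErrOutsideRoot
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "peer-storage-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	// Constructed inputs: one legitimate piece path followed by the kinds of
	// values a malicious peer would place in a request.
	for _, req := range []string{
		"tasks/abc123/piece-0",
		"../../etc/cron.d/update",
		"/root/.ssh/authorized_keys",
		"tasks/../../..//etc/passwd",
	} {
		fmt.Printf("unchecked %-32q -> %s\n", req, vulnerableOutputPath(req))
		p, err := confinedOutputPath(root, req)
		if err != nil {
			fmt.Printf("confined  %-32q -> rejected: %v\n", req, err)
			continue
		}
		fmt.Printf("confined  %-32q -> %s\n", req, p)
	}
}
```

The lexical check alone is not enough: if an attacker can first create a symlink inside the storage directory (which the arbitrary-write primitive allows), a later request that looks contained can still land outside it, which is why the existing prefix is resolved with EvalSymlinks before the path is accepted.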
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-12T12:36:24.637Z
- CVSS Version: 4.0
- State: PUBLISHED
Added to database: 9/17/2025, 7:56:05 PM
Last updated: 9/17/2025, 9:05:26 PM