CVE-2025-59352 is a vulnerability affecting dragonflyoss's Dragonfly, an open-source peer-to-peer (P2P) file distribution and image acceleration system. Versions prior to 2.1.0 are vulnerable due to flaws in both the gRPC and HTTP APIs. These APIs allow malicious peers to send crafted requests that cause the recipient peer to create files in arbitrary filesystem locations and read arbitrary files. This behavior leads to exposure of sensitive information, as attackers can steal secret data from other peers. Furthermore, the ability to write files arbitrarily can be leveraged to achieve remote code execution (RCE) on the victim’s machine. The vulnerability stems from improper validation of file paths and insufficient access controls, corresponding to CWE-202 (Exposure of Sensitive Information Through Data Queries) and CWE-22 (Path Traversal). The CVSS 4.0 score is 6.9 (medium severity), reflecting network attack vector, no required privileges or user interaction, but with high scope and impact on confidentiality, integrity, and availability. The vulnerability is fixed in Dragonfly version 2.1.0. No known exploits are reported in the wild yet. Given Dragonfly’s role in accelerating image distribution and file sharing in distributed environments, exploitation could compromise critical infrastructure components that rely on it for efficient content delivery and caching.

For European organizations, the impact of this vulnerability can be significant, especially for enterprises and cloud providers using Dragonfly for container image distribution, software delivery, or caching services. Exposure of sensitive files could lead to leakage of credentials, configuration files, or proprietary data. The RCE capability elevates the risk to full system compromise, enabling attackers to deploy malware, pivot within networks, or disrupt operations. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and government agencies. The distributed nature of Dragonfly means that a compromised peer could be used as a foothold to attack other nodes in the network, amplifying the threat. Additionally, supply chain security could be impacted if attackers manipulate image distribution processes. The medium CVSS score suggests a moderate but non-negligible risk, warranting prompt patching and mitigation to prevent lateral movement and data breaches.

Organizations should upgrade all Dragonfly deployments to version 2.1.0 or later immediately to remediate this vulnerability. Until upgrades are feasible, restrict network access to Dragonfly peers to trusted entities only, using network segmentation and firewall rules to limit exposure. Implement strict monitoring and logging of API requests to detect anomalous file creation or access patterns indicative of exploitation attempts. Employ host-based intrusion detection systems (HIDS) to identify unauthorized file system changes. Review and harden file system permissions on nodes running Dragonfly to minimize damage from arbitrary file writes. Consider deploying application-layer gateways or API proxies that validate and sanitize incoming requests to Dragonfly APIs. Finally, conduct thorough security assessments of the Dragonfly deployment architecture to ensure no unnecessary exposure of peers to untrusted networks.