Skip to content

Pyrofork has a Path Traversal in download_media Method

Moderate severity GitHub Reviewed Published Dec 10, 2025 in Mayuri-Chan/pyrofork • Updated Dec 11, 2025

Package

pippyrofork (pip)

Affected versions

<= 2.3.68

Patched versions

2.3.69

Description

Summary

The download_media method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal sequences (e.g., ../) or absolute paths in the filename.

Details

When downloading media, if the user does not specify a custom filename (which is the common/default usage), the method falls back to using the file_name attribute from the media object. This attribute originates from Telegram's DocumentAttributeFilename and is controlled by the message sender.

Vulnerable Code Path

Step 1: In pyrogram/methods/messages/download_media.py (lines 145-151):

media_file_name=getattr(media, "file_name", "") # Value from Telegram messagedirectory, file_name=os.path.split(file_name) # Split user's path parameterfile_name=file_nameormedia_file_nameor""# Falls back to media_file_name if empty

When a user calls download_media(message) or download_media(message, "downloads/"), the os.path.split() returns an empty filename, causing the code to use media_file_name which is attacker-controlled.

Step 2: In pyrogram/client.py (line 1125):

temp_file_path=os.path.abspath(re.sub("\\\\", "/", os.path.join(directory, file_name))) +".temp"

The os.path.join() function does not prevent path traversal. When file_name contains ../ sequences or is an absolute path, it allows writing outside the intended download directory.

Why the existing isabs check is insufficient

The check at line 153 in download_media.py:

ifnotos.path.isabs(file_name): directory=self.PARENT_DIR/ (directoryorDEFAULT_DOWNLOAD_DIR)

This check only handles absolute paths by skipping the directory prefix, but:

  1. For relative paths with ../, os.path.isabs() returns False, so the check doesn't catch it
  2. For absolute paths, os.path.join() in the next step will still use the absolute path directly

PoC

The following Python script demonstrates the vulnerability by simulating the exact code logic from download_media.py and client.py:

#!/usr/bin/env python3"""Path Traversal PoC for Pyrofork download_mediaDemonstrates CWE-22 vulnerability in filename handling"""importosimportshutilimporttempfilefrompathlibimportPathfromdataclassesimportdataclass@dataclassclassMockDocument: """Simulates a Telegram Document with attacker-controlled file_name"""file_id: strfile_name: str# Attacker-controlled!@dataclassclassMockMessage: """Simulates a Telegram Message"""document: MockDocumentDEFAULT_DOWNLOAD_DIR="downloads/"defvulnerable_download_media(parent_dir, message, file_name=DEFAULT_DOWNLOAD_DIR): """ Simulates the vulnerable logic from: - pyrogram/methods/messages/download_media.py (lines 145-154) - pyrogram/client.py (line 1125) """media=message.documentmedia_file_name=getattr(media, "file_name", "") # Line 150-151: Split and fallbackdirectory, file_name=os.path.split(file_name) file_name=file_nameormedia_file_nameor""# Line 153-154: isabs check (insufficient!)ifnotos.path.isabs(file_name): directory=parent_dir/ (directoryorDEFAULT_DOWNLOAD_DIR) ifnotfile_name: file_name="generated_file.bin"# Line 1125 in client.py: Path constructionimportretemp_file_path=os.path.abspath( re.sub("\\\\", "/", os.path.join(str(directory), file_name)) ) +".temp"returntemp_file_pathdefrun_poc(): print("="*60) print("PYROFORK PATH TRAVERSAL PoC") print("="*60) withtempfile.TemporaryDirectory() astemp_base: parent_dir=Path(temp_base) expected_dir=str(parent_dir/"downloads") print(f"\n[*] Bot working directory: {parent_dir}") print(f"[*] Expected download dir: {expected_dir}") # Attack: Path traversal with ../print("\n"+"-"*60) print("TEST: Path Traversal Attack") print("-"*60) malicious_msg=MockMessage( document=MockDocument( file_id="test_id", file_name="../../../tmp/malicious_file" ) ) result_path=vulnerable_download_media( parent_dir=parent_dir, message=malicious_msg, file_name="downloads/" ) # Remove .temp suffix for final pathfinal_path=os.path.splitext(result_path)[0] print(f"[*] Malicious filename: ../../../tmp/malicious_file") print(f"[*] Resulting path: {final_path}") ifnotfinal_path.startswith(expected_dir): print(f"\n[!] VULNERABILITY CONFIRMED") print(f"[!] File path escapes intended directory!") print(f"[!] Expected: {expected_dir}/...") print(f"[!] Actual: {final_path}") else: print("[*] Path is within expected directory") if__name__=="__main__": run_poc()

How to Run

Save the above script and run:

python3 poc_script.py

Expected Output

============================================================ PYROFORK PATH TRAVERSAL PoC ============================================================ [*] Bot working directory: /tmp/tmpXXXXXX [*] Expected download dir: /tmp/tmpXXXXXX/downloads ------------------------------------------------------------ TEST: Path Traversal Attack ------------------------------------------------------------ [*] Malicious filename: ../../../tmp/malicious_file [*] Resulting path: /tmp/malicious_file [!] VULNERABILITY CONFIRMED [!] File path escapes intended directory! [!] Expected: /tmp/tmpXXXXXX/downloads/... [!] Actual: /tmp/malicious_file

Why This Proves the Vulnerability

  1. The PoC uses the exact same logic as the vulnerable code in download_media.py and client.py
  2. The malicious filename ../../../tmp/malicious_file causes the path to escape from /tmp/tmpXXX/downloads/ to /tmp/malicious_file
  3. Python's os.path.join() and os.path.abspath() behavior is deterministic - this will work the same way in the real library

Impact

Who is affected?

  • Telegram bots or user accounts using Pyrofork that download media with default parameters
  • The common usage pattern await client.download_media(message) is affected

Conditions required for exploitation

  1. Attacker must be able to send messages to the victim's bot/account
  2. Victim must download the media without specifying a custom filename
  3. The bot process must have write permissions to the target location

Potential consequences

  • Arbitrary file write to locations writable by the bot process
  • Overwriting existing files could cause denial of service or configuration issues
  • In specific deployment scenarios, could potentially lead to code execution (e.g., if bot runs with elevated privileges)

Recommended Fix

Add filename sanitization in download_media.py after line 151:

file_name=file_nameormedia_file_nameor""# Add this sanitization block:iffile_name: # Remove any path components, keeping only the basenamefile_name=os.path.basename(file_name) # Remove null bytes which could cause issuesfile_name=file_name.replace('\x00', '') # Handle edge casesifnotfile_nameorfile_namein ('.', '..'): file_name=""

This ensures that only the filename component is used, stripping any directory traversal sequences or absolute paths.

Thank you for your time in reviewing this report. Please let me know if you need any additional information or clarification.

References

@wulan17wulan17 published to Mayuri-Chan/pyrofork Dec 10, 2025
Published to the GitHub Advisory Database Dec 10, 2025
Reviewed Dec 10, 2025
Published by the National Vulnerability DatabaseDec 11, 2025
Last updated Dec 11, 2025

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector:More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity:More severe for the least complex attacks.
Privileges required:More severe if no privileges are required.
User interaction:More severe when no user interaction is required.
Scope:More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality:More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity:More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability:More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(13th percentile)

Weaknesses

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Learn more on MITRE.

CVE ID

CVE-2025-67720

GHSA ID

GHSA-6h2f-wjhf-4wjx

Source code

Credits

LoadingChecking history
See something to contribute? Suggest improvements for this vulnerability.