Roothub v2.5 exists to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows malicious users to execute arbitrary code via a crafted JSP file.