
Description

An unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions allows administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, the affected products are vulnerable to path traversal, which allows files to be written to arbitrary directories within the web root.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-26 | Updated 2025-09-26 | Assigner INCIBE




HIGH: 8.6 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

DocAve
Default status: unaffected
6.13.2: affected

Perimeter
Default status: unaffected
1.12.3: affected

Compliance Guardian
Default status: unaffected
Any version before 4.7.1: affected

Credits

Chetani Mesa Guzmán (finder)

Marcos Díaz Castiñeiras (finder)

References

www.incibe.es/...ding-dangerous-file-types-avepoint-products

cve.org (CVE-2025-10544)

nvd.nist.gov (CVE-2025-10544)
