CVE-2025-31342 | THREATINT

Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

PUBLISHED Reserved 2025-03-28 | Published 2025-10-20 | Updated 2025-10-20 | Assigner ZUSO ART

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

affected

Any version

affected

References

zuso.ai/advisory third-party-advisory

cve.org (CVE-2025-31342)

nvd.nist.gov (CVE-2025-31342)

Download JSON