CVE-2025-65734 | THREATINT

Description

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

PUBLISHED Reserved 2025-11-18 | Published 2026-03-16 | Updated 2026-03-16 | Assigner mitre

References

huntr.com/users/apostolides

github.com/apostolides

www.linkedin.com/in/thanos-apostolidis-3255591b1/

huntr.com/bounties/540f743c-fa3e-4be6-9f85-439fff2fc5fe

cve.org (CVE-2025-65734)

nvd.nist.gov (CVE-2025-65734)

Download JSON