CVE-2025-31342

9.3

Critical

Published:20 Oct 2025

Last updated:17 Jun 2026

Source:ART@zuso.ai

Deferred

Weakness (CWE)

CWE-434Unrestricted File Upload

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): Low
Integrity (Subsequent): Low
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

References

ART@zuso.ai

https://zuso.ai/advisory/za-2025-15