CVE-2025-46157
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-06-26
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| efrotech | timetrax | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46157 is an unrestricted file upload vulnerability (CWE-434) in EfroTech Time Trax v1.0 that lets an authenticated remote attacker execute arbitrary code on the server. The flaw is in the file attachment function of the Leave Request form in the Attendance module: the server does not enforce an allow-list of permitted file types, so a request whose filename has been changed from .txt to .asp in transit (for example, in an intercepting proxy) is accepted, and the attacker can upload an .asp web shell. Because the uploaded file lands where the web server will execute it, the attacker can then run operating-system commands in the context of the web server's worker process, escalate to SYSTEM with the EfsPotato exploit (which abuses the SeImpersonatePrivilege that IIS application pool identities hold by default), and take full control of the host, including creating new Administrator accounts. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including full remote code execution on the affected server, allowing attackers to run arbitrary commands. Through privilege escalation techniques, attackers can gain SYSTEM-level access, effectively taking complete control of the system. This can lead to unauthorized creation of Administrator accounts, data compromise, service disruption, and potential further attacks within the network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation leaves traces at three layers. In the web tier, look in the IIS access logs for POST requests to the Leave Request attachment endpoint in the Attendance module followed by GET or POST requests for .asp (or other server-side script) files under the attachment storage path; a legitimate attachment should never be requested as a script. On the filesystem, list the upload directories for files with script extensions (.asp, .aspx, .ashx and similar) and inspect every hit for web-shell code such as command execution through WScript.Shell or eval. On the host, look for the IIS worker process (w3wp.exe) spawning cmd.exe or powershell.exe (Security event 4688 when process-creation auditing is enabled, or EDR telemetry), and for the follow-on actions of a SYSTEM-level EfsPotato run, such as new local accounts (event 4720) and additions to the Administrators group (event 4732). Changing the extension in a proxy such as Burp Suite is how the bug is confirmed during a test, not how it is detected in production; on the defensive side you watch the server for the result of that request. The source provides no specific commands. [1]
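The following PowerShell hunt is an added example, not from the BaseFortify page or from EfroTech. It runs on the IIS host that serves Time Trax and checks the three layers described above: script files in the attachment directory, log lines that request such files, and w3wp.exe spawning a command interpreter. The attachment directory, the IIS log folder and the `/Attachments/` URL path are assumptions; substitute the real values for your installation.

```powershell
# Added example (not the page's or the vendor's code): hunt for a web shell uploaded
# through the Time Trax Leave Request attachment function (CVE-2025-46157).
# ASSUMPTIONS: the two paths below and the '/Attachments/' URL segment are placeholders.
$UploadRoots = @('C:\inetpub\wwwroot\TimeTrax\Attachments')   # assumed upload directory
$LogDir      = 'C:\inetpub\logs\LogFiles\W3SVC1'              # default log path of IIS site 1
$Since       = (Get-Date).AddDays(-30)

# 1. Server-side script files in a directory that should only hold attachments. Any hit is suspect.
$ScriptExt = '*.asp', '*.aspx', '*.ashx', '*.asmx', '*.cer', '*.config'
$ShellCandidates = Get-ChildItem -Path $UploadRoots -Recurse -File -Include $ScriptExt -ErrorAction SilentlyContinue
$ShellCandidates |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize

# 2. Score each candidate against markers typical of ASP web shells (literal string matches).
$Markers = 'eval', 'execute', 'CreateObject', 'WScript.Shell', 'cmd.exe', 'Request('
foreach ($f in $ShellCandidates) {
    $found = Select-String -Path $f.FullName -Pattern $Markers -SimpleMatch |
             Select-Object -ExpandProperty Pattern -Unique
    if ($found) { '{0}: {1}' -f $f.FullName, ($found -join ', ') }
}

# 3. IIS W3C access log: any request for a script file under the attachment path.
#    The default W3C layout writes cs-method and cs-uri-stem as space-separated columns,
#    so one regex over the raw line is enough.
Get-ChildItem -Path $LogDir -Filter 'u_ex*.log' -File |
    Where-Object { $_.LastWriteTime -ge $Since } |
    Select-String -Pattern '(?i)\s(GET|POST)\s\S*/Attachments/\S*\.(asp|aspx|ashx)\b' |
    ForEach-Object { $_.Line }

# 4. Live check: IIS worker processes that currently have a command interpreter as a child.
Get-CimInstance Win32_Process -Filter "Name='w3wp.exe'" | ForEach-Object {
    Get-CimInstance Win32_Process -Filter "ParentProcessId=$($_.ProcessId)" |
        Where-Object { $_.Name -in 'cmd.exe', 'powershell.exe', 'pwsh.exe' } |
        Select-Object ProcessId, Name, CommandLine
}

# 5. Historical check: process-creation audits (4688) whose creator process is w3wp.exe
#    (requires "Audit Process Creation", ideally with command-line logging, enabled beforehand),
#    then account creation (4720) and local group membership changes (4732) that a
#    SYSTEM-level EfsPotato run typically produces.
$FirstLine = @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'w3wp\.exe' -and $_.Message -match '(cmd|powershell|pwsh)\.exe' } |
    Select-Object TimeCreated, Id, $FirstLine

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $Since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, $FirstLine
```

Run it in an elevated PowerShell session on the web server. Steps 1 to 3 work on any IIS host; steps 4 and 5 only find something if the shell is in use right now or if process-creation auditing was already on when the attacker ran it, which is why enabling that audit policy is worth doing before you need it.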
What immediate steps should I take to mitigate this vulnerability?
Immediate steps: apply the vendor's patch or update if one is available. Until then, validate attachments on the server against an allow-list of the file types the Leave Request form actually needs (extension and content), ignore the client-supplied filename and store files under a server-generated name. Make the attachment directory non-executable by denying script extensions with IIS request filtering and removing script and execute access for that path, or move attachments outside the web root altogether, so that a file that slips through validation can never run. Restrict the upload feature to trusted users and monitor upload activity. Hunt for and remove any web shells already present, and tune anti-malware so that obfuscated .asp payloads are caught. Finally, review the account each application pool runs under: EfsPotato depends on SeImpersonatePrivilege, which IIS application pool identities hold by default, so run the application under a dedicated least-privilege service account and remove that right where the application does not need it. [1]
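As an added example, not code from the BaseFortify page or from EfroTech, the PowerShell below applies the two server-side controls that neutralise an uploaded web shell even before the application is patched: request filtering that refuses script extensions under the attachment path, and a handler access policy that limits that directory to static content. It then lists the application pool identities that the EfsPotato step depends on and probes the result over HTTP. The site name, the IIS path of the upload directory and the probe URL are assumptions.

```powershell
# Added example (not the page's or the vendor's code): harden the IIS directory that receives
# Leave Request attachments so that an uploaded .asp cannot execute (CVE-2025-46157 mitigation).
# ASSUMPTIONS: site name, IIS path of the upload directory and the probe URL are placeholders.
Import-Module WebAdministration
$SiteName   = 'Default Web Site'
$UploadPath = "IIS:\Sites\$SiteName\TimeTrax\Attachments"    # assumed IIS path of the upload directory

# 1. Request filtering: deny server-side script extensions under the upload path.
#    IIS writes this to a web.config in that directory (denied requests get HTTP 404.7).
$RfFilter = 'system.webServer/security/requestFiltering/fileExtensions'
foreach ($ext in '.asp', '.aspx', '.ashx', '.asmx', '.asax', '.cer', '.soap', '.config') {
    Add-WebConfigurationProperty -PSPath $UploadPath -Filter $RfFilter -Name '.' `
        -Value @{ fileExtension = $ext; allowed = $false }
}

# 2. Belt and braces: only Read access for handlers in that directory, so a file with an
#    extension the list above misses is served as static content or refused, never executed.
#    The handlers section is locked at server level by default, so unlock it first.
& "$env:windir\System32\inetsrv\appcmd.exe" unlock config /section:system.webServer/handlers | Out-Null
Set-WebConfigurationProperty -PSPath $UploadPath -Filter 'system.webServer/handlers' `
    -Name 'accessPolicy' -Value 'Read'

# 3. Which identity does each application pool run under? ApplicationPoolIdentity, NetworkService
#    and LocalService all carry SeImpersonatePrivilege, the prerequisite for EfsPotato; a dedicated
#    low-privilege account is the starting point if you intend to remove that right.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        AppPool  = $_.Name
        Identity = $_.processModel.identityType
        User     = $_.processModel.userName
    }
} | Format-Table -AutoSize

# 4. Verify from the web server's point of view: a .asp under the upload path must now be refused
#    (404 from request filtering) rather than executed. The probe file does not need to exist.
$Probe = 'http://localhost/TimeTrax/Attachments/probe.asp'   # assumed URL of the upload directory
try   { (Invoke-WebRequest -Uri $Probe -UseBasicParsing).StatusCode }
catch { $_.Exception.Response.StatusCode.value__ }
```

Run it elevated on the web server after backing up applicationHost.config and the site's web.config files. Request filtering is the control that matters most, because it stops the request before any handler sees the file; the accessPolicy change is there for extensions nobody thought to list. Neither replaces the application-level allow-list, which still has to exist so that attackers cannot use the same form to plant content that other components process.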