CVE-2025-7898
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ambitiousitbd | identsoft | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7898 is a critical vulnerability in Codecanyon iDentSoft 2.0, specifically in the Account Setting Page at the endpoint /clinica/profile/updateSetting. It involves an unrestricted file upload flaw where the 'photo' argument is improperly handled, allowing attackers to upload files with dangerous extensions like .php5.6, .phps, .phtm, .html, and .js. This can lead to arbitrary system command execution depending on the server configuration, due to insufficient validation and sanitization of uploaded files. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely upload malicious files to your system, potentially leading to arbitrary code execution. This compromises the confidentiality, integrity, and availability of your system. The attacker can exploit this flaw to execute system commands, which may result in unauthorized access, data breaches, or system disruption. The exploit requires some level of authentication but is easy to perform and publicly available. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized or suspicious file uploads to the /clinica/profile/updateSetting endpoint, especially files with dangerous extensions such as .php5.6, .phps, .phtm, .html, and .js. You can check web server logs for POST requests to this endpoint with unusual file names or extensions. Additionally, scanning the upload directory for unexpected executable files may help. Commands such as 'grep' on server logs (e.g., grep "/clinica/profile/updateSetting" /var/log/apache2/access.log) or using file integrity monitoring tools to detect new or modified files with suspicious extensions can be useful. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting file uploads to the vulnerable /clinica/profile/updateSetting endpoint, especially for the 'photo' argument. Implement strict validation and sanitization of uploaded files to allow only safe file types and reject potentially dangerous extensions. If possible, restrict access to the affected component to trusted users only. Since no known countermeasures or patches are available, consider replacing the affected product with a secure alternative. Monitoring and incident response readiness are also recommended. [2]