CVE-2025-7917
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simopro_technology | winmatrix3_web | 3.9.1 |
| simopro_technology | winmatrix3_web | 3.8.52.5 |
| simopro_technology | winmatrix3_web | 1.2.38.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Arbitrary File Upload flaw in the WinMatrix3 Web package developed by Simopro Technology. It allows remote attackers who already have administrator privileges to upload malicious files, such as web shell backdoors, to the server. These uploaded files can then be executed, enabling the attacker to run arbitrary code on the affected server. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrator privileges to execute arbitrary code on your server by uploading and running malicious web shell backdoors. This can lead to full compromise of the server, including unauthorized access, data theft, data modification, and disruption of services. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the AP component of WinMatrix3 Web to version 3.8.52.5 (Web 1.2.39.5) and apply the provided hotfix, or upgrade to AP version 3.9.1 (Web 1.3.1) or later. [1, 2]