CVE-2025-8323
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-07-31
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feiyu_high-tech | multifunction_smart_campus_platform | * |
| ventem | e-school | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8323 is an Arbitrary File Upload vulnerability in the e-School product from Ventem. It allows unauthenticated remote attackers, or attackers with low privileges, to upload malicious files such as web shell backdoors. These backdoors enable the attackers to execute arbitrary code on the affected server, potentially taking full control of it. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including unauthorized access and control over the affected server. Attackers can execute arbitrary code, compromising confidentiality, integrity, and availability of the system. This means sensitive data could be exposed or altered, and system operations could be disrupted or taken down. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include contacting the vendor (Feiyu High-Tech or Ventem) to verify the availability of security updates for your locally deployed e-School system. Additionally, consider disabling external services or restricting system access exclusively to the internal campus network to limit exposure. [1, 2]