CVE-2025-8344
BaseFortify
Publication date: 2025-07-31
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| viglet | shio | to 0.3.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical security flaw in the openviglet shio software up to version 0.3.8. It exists in the function shStaticFileUpload, where manipulation of the filename argument allows an attacker to upload files without restriction. This can be exploited remotely, meaning an attacker does not need local access to the system to perform the attack. The vulnerability has been publicly disclosed and can be used by attackers.
How can this vulnerability impact me? :
The vulnerability allows an attacker to upload arbitrary files to the system remotely without restrictions. This can lead to unauthorized file uploads, potentially resulting in system compromise, data breaches, or the execution of malicious code on the affected system.