CVE-2025-24775
BaseFortify
Publication date: 2025-08-14
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| made_it | forms | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unrestricted Upload of File with Dangerous Type in Made I.T. Forms, which allows an attacker to upload a web shell to a web server. This means that the attacker can upload malicious files that can be executed on the server, potentially gaining control over it.
How can this vulnerability impact me? :
The impact of this vulnerability is severe as it allows attackers to execute arbitrary code on the affected web server, leading to full compromise of confidentiality, integrity, and availability of the system. This can result in data theft, data loss, service disruption, and unauthorized control over the server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards and regulations such as GDPR and HIPAA because it can lead to unauthorized access and disclosure of sensitive personal or health information, violating data protection and privacy requirements.