CVE-2025-9060
BaseFortify
Publication date: 2025-08-15
Last updated on: 2025-08-18
Assigner: Kaspersky Labs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| msoft | mflash | 8.2-653 |
| msoft | mflash | 8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the MSoft MFlash application allows execution of arbitrary code on the server. It occurs in the integration configuration functionality, which is accessible only to MFlash administrators, due to insufficient validation of parameters when setting up security components.
How can this vulnerability impact me?
The vulnerability can lead to an attacker executing arbitrary code on the server, potentially resulting in full compromise of the system, including unauthorized access, data manipulation, and disruption of services.
What immediate steps should I take to mitigate this vulnerability?
Apply the 8.2-653 hotfix released on 11.06.2025 or any later updates to the MFlash application to mitigate this vulnerability.