CVE-2025-9099
BaseFortify
Publication date: 2025-08-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acrel | environmental_monitoring_cloud_platform | 20250804 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9099 is a vulnerability in the Acrel Environmental Monitoring Cloud Platform (up to version 20250804) where the /NewsManage/UploadNewsImg interface allows unrestricted file uploads due to insufficient validation of the File argument. This means an attacker can remotely upload arbitrary files, including potentially malicious ones, which could lead to unauthorized actions or code execution on the server. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected system. An attacker can remotely upload malicious files that may be executed or processed by the platform, potentially leading to unauthorized access, data breaches, or disruption of services. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring or testing the /NewsManage/UploadNewsImg endpoint for unrestricted file upload behavior. Since the vulnerability involves manipulation of the File argument to upload arbitrary files, detection can involve attempting to upload various file types to this endpoint and observing if the server accepts them without proper validation. Network monitoring tools can look for unusual POST requests to /NewsManage/UploadNewsImg carrying file upload data. Specific commands are not provided in the resources, but typical detection might involve using curl or similar tools to test file uploads, e.g., curl -X POST -F "[email protected]" https://target/NewsManage/UploadNewsImg and checking the response for acceptance or error. Additionally, monitoring web server logs for unexpected file upload activity to this path can help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or vendor patches are currently available for this vulnerability. Immediate steps include considering replacing the affected product, Acrel Environmental Monitoring Cloud Platform version up to 20250804, with a secure alternative. Additionally, restricting access to the /NewsManage/UploadNewsImg endpoint via network controls such as firewalls or web application firewalls (WAF) to block unauthorized file uploads can help reduce risk. Monitoring for exploitation attempts and applying strict file upload validation if possible are recommended. Since the vendor has not responded or provided fixes, mitigation relies on compensating controls and product replacement. [2]