CVE-2025-10267
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-12
Last updated on: 2025-09-15
Assigner: TWCERT/CC
Description
Description
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| newtype | nup_portal | sp5.0 |
| newtype | nup_portal | sp5.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the NUP Portal by NewType Infortech is a Missing Authentication issue that allows unauthenticated remote attackers to upload files directly to the server. If attackers bypass file extension restrictions, they can upload a webshell, enabling them to execute arbitrary code on the server.
How can this vulnerability impact me? :
The vulnerability can allow attackers to upload malicious files and execute code on the server, potentially leading to unauthorized control over the system, data manipulation, or further attacks within the network.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70