CVE-2025-10544
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-26

Last updated on: 2025-09-26

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-26
Last Modified
2025-09-26
Generated
2026-06-16
AI Q&A
2025-09-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10544
EUVD
EUVD-2025-31328
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
avepoint docave 6.13.2
avepoint perimeter 1.12.3
avepoint compliance_guardian 4.7.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unrestricted file upload issue in certain versions of DocAve, Perimeter, and Compliance Guardian software. It allows administrator users to upload files without proper validation, which means an attacker could upload malicious files to the system. Additionally, it includes a Path Traversal vulnerability that lets attackers write files to arbitrary directories within the web root, potentially compromising the system.

Impact Analysis

Exploiting this vulnerability could allow an attacker to upload malicious files and place them in arbitrary directories within the web root, leading to system compromise. This could result in unauthorized access, data breaches, or disruption of services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10544. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart