CVE-2025-10544
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-09-26
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| avepoint | docave | 6.13.2 |
| avepoint | perimeter | 1.12.3 |
| avepoint | compliance_guardian | 4.7.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unrestricted file upload issue in certain versions of DocAve, Perimeter, and Compliance Guardian software. It allows administrator users to upload files without proper validation, which means an attacker could upload malicious files to the system. Additionally, it includes a Path Traversal vulnerability that lets attackers write files to arbitrary directories within the web root, potentially compromising the system.
How can this vulnerability impact me? :
Exploiting this vulnerability could allow an attacker to upload malicious files and place them in arbitrary directories within the web root, leading to system compromise. This could result in unauthorized access, data breaches, or disruption of services.