CVE-2025-56263
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-10-17
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| by-night | sms | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-56263 is an arbitrary file upload vulnerability in the by-night sms V1.0 application. The /api/sms/upload/headImg endpoint allows users to upload files without proper server-side validation of file type or size. Although the frontend attempts to validate file types for avatar images, this can be bypassed by sending crafted HTTP POST requests directly to the backend. As a result, attackers can upload files of any type, including potentially malicious executable files. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to upload arbitrary files, including malicious executables, to the server. This could lead to remote code execution or other malicious activities, compromising the security and integrity of the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the /api/sms/upload/headImg endpoint that contain file uploads with suspicious file types or extensions, especially those not typically allowed for avatar images (e.g., .exe files). You can use tools like curl or wget to attempt uploading files with different extensions to test the endpoint. For example, using curl: curl -X POST -F "[email protected];type=image/png" http://<target>/api/sms/upload/headImg and observing if the upload is accepted. Additionally, inspecting web server logs or using network monitoring tools to detect such POST requests with unusual file types can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict server-side validation of uploaded files to verify file types and sizes, not relying solely on frontend validation. Restrict allowed file extensions and content types on the backend, and sanitize file names. If possible, temporarily disable or restrict access to the /api/sms/upload/headImg endpoint until a proper fix is deployed. Monitoring and blocking suspicious upload attempts via web application firewalls (WAF) or intrusion detection systems (IDS) can also help reduce risk. [1]