CVE-2023-7305
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-11-07

Assigner: VulnCheck

Description
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code on the host. The vendor released a fix in July 2023 to address the underlying flaw.Β VulnCheck has observed this vulnerability being exploited in the wild.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2025-11-07
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-7305
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
smartbi smartbi 8
smartbi smartbi 10
smartbi smartbi 9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-7305 is a critical vulnerability in SmartBI versions 8, 9, and 10 that allows attackers to upload files without proper restrictions via the RMIServlet endpoint. This flaw enables attackers to send specially crafted requests that bypass authentication and invoke arbitrary Java methods on the server, potentially leading to remote code execution (RCE). The vulnerability arises from insufficient validation in the request handling logic, specifically in the authentication checks and the dynamic invocation of service module methods, allowing attackers to execute sensitive operations or arbitrary code remotely. [3, 4]

Impact Analysis

This vulnerability can have severe impacts including unauthorized remote code execution on the host running SmartBI, allowing attackers to perform sensitive operations, compromise data confidentiality, integrity, and availability. It can lead to full system compromise, data breaches, and disruption of business intelligence services. The vulnerability has been actively exploited by the Rondo botnet, increasing the risk to affected systems. [3, 4]

Detection Guidance

This vulnerability can be detected by monitoring and testing the /smartbi/vision/RMIServlet endpoint for unauthorized or specially crafted POST requests that invoke arbitrary class methods without proper authentication. A detection approach involves sending crafted POST requests targeting the RMIServlet with parameters such as className, methodName, and params to check if the server executes them without authentication. For example, a test command using curl could be: curl -X POST http://<target>/smartbi/vision/RMIServlet -d "className=UserService&methodName=isLogged&params=[]" If the response indicates successful invocation without authentication, the system is vulnerable. Additionally, monitoring network traffic for unusual POST requests to this endpoint or unexpected method invocations can help detect exploitation attempts. [4]

Mitigation Strategies

Immediate mitigation steps include applying the official patch released by the vendor in July 2023 that fixes the unrestricted file upload and authentication bypass issues in the RMIServlet. If patching is not immediately possible, restrict access to the /smartbi/vision/RMIServlet endpoint via network controls such as firewall rules or web application firewall (WAF) rules to block unauthorized or suspicious requests. Additionally, monitor for exploitation attempts, disable or limit the use of vulnerable Smartbi versions (V8, V9, V10), and consider deploying intrusion detection systems to alert on suspicious activity targeting this endpoint. [3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-7305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart