CVE-2025-11675
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-10-14
Assigner: TWCERT/CC
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ragic | enterprise_cloud_database | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Arbitrary File Upload flaw in the Enterprise Cloud Database developed by Ragic. It allows a remote attacker with high privileges to upload and execute web shell backdoors on the server. This means the attacker can run arbitrary code on the affected server, potentially taking full control. [1, 2]
How can this vulnerability impact me?
The vulnerability can lead to severe impacts, including unauthorized access to sensitive data, modification or deletion of data, and disruption of service. Because the attacker can execute arbitrary code on the server, the flaw compromises the confidentiality, integrity, and availability of the system. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should promptly apply the vendor's patch released on or after September 12, 2025, 12:55:15. Installing this patch or later versions will remediate the Arbitrary File Upload vulnerability and prevent attackers from uploading and executing web shell backdoors on the server. [1, 2]