CVE-2025-11948
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-11-12
Assigner: TWCERT/CC
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| excellent_infotek | document_management_system | 5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to contact the vendor for updates or patches addressing the arbitrary file upload flaw. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is an Arbitrary File Upload flaw in the Document Management System developed by Excellent Infotek. It allows unauthenticated remote attackers to upload malicious web shell backdoor scripts to the server. Once uploaded, these scripts can be executed, enabling attackers to run arbitrary code on the affected server without any privileges or user interaction. [1, 2]
How can this vulnerability impact me?
The vulnerability can have severe impacts including full compromise of the affected server. Attackers can execute arbitrary code, which can lead to unauthorized access, data theft, data modification, service disruption, and potentially complete control over the server. This affects the confidentiality, integrity, and availability of the system. [1, 2]