CVE-2025-68562
Unrestricted File Upload in MapSVG Enables Remote Code Execution
Publication date: 2025-12-29
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| romancode | mapsvg | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Unrestricted Upload of File with Dangerous Type in RomanCode MapSVG, which allows an attacker to upload a web shell to a web server. This means that malicious files can be uploaded without proper restrictions, potentially enabling remote code execution or control over the server.
How can this vulnerability impact me? :
The impact of this vulnerability is severe, as it can allow attackers to execute arbitrary code, gain full control over the affected web server, compromise data confidentiality, integrity, and availability, and potentially use the server to launch further attacks.