CVE-2025-10465
Deferred Deferred - Pending Action

Unrestricted File Upload in Sensaway Enables Remote Code Execution

Vulnerability report for CVE-2025-10465, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-09

Last updated on: 2026-06-05

Assigner: Computer Emergency Response Team of the Republic of Turkey

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE:Β Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-09
Last Modified
2026-06-05
Generated
2026-07-06
AI Q&A
2026-02-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
birtech_information_technologies_industry_and_trade_ltd_co sensaway to 09022026 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Unrestricted Upload of File with Dangerous Type in the Sensaway product by Birtech Information Technologies Industry and Trade Ltd. Co. It allows an attacker to upload a web shell to the web server, which can then be used to execute malicious commands remotely.

Impact Analysis

The impact of this vulnerability is severe as it allows remote attackers to execute arbitrary code on the affected server. This can lead to full compromise of the server, including unauthorized access, data theft, data modification, and disruption of services.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10465. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart