CVE-2025-65416
Received Received - Intake
Arbitrary File Upload in docuFORM Managed Print Service Client

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2025-65416
EUVD
EUVD-2025-209775
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
docuform managed_print_service_client 11.11c
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Exploitation of this vulnerability can lead to serious impacts including remote code execution, system defacement, data theft, privilege escalation, persistence on the system, or even complete system compromise.

Compliance Impact

The vulnerability allows arbitrary file upload, which can lead to remote code execution, data theft, and complete system compromise. Such security breaches can result in unauthorized access to sensitive personal or health data, potentially violating compliance requirements under regulations like GDPR and HIPAA.

Failure to properly secure systems against this vulnerability could lead to non-compliance with data protection standards that mandate safeguarding personal data against unauthorized access and breaches.

Executive Summary

CVE-2025-65416 is an arbitrary file upload vulnerability in the docuFORM Managed Print Service Client version 11.11c. It allows authenticated attackers to upload malicious files via the pmupdate.php script without proper validation of the file type, content, or extension.

This means attackers can upload harmful files such as web shells or scripts that could be executed by the server if placed in a web-accessible directory.

Detection Guidance

This vulnerability involves arbitrary file upload via the pmupdate.php endpoint in docuFORM Managed Print Service Client 11.11c. Detection can focus on monitoring for unusual HTTP POST requests to pmupdate.php that include file uploads.

You can use network monitoring tools or web server logs to identify suspicious uploads. For example, using command-line tools like curl or wget to test the endpoint or grep to search logs for accesses to pmupdate.php may help.

  • Check web server access logs for POST requests to pmupdate.php: grep "POST /pmupdate.php" /var/log/apache2/access.log
  • Use curl to test file upload functionality (for authorized users): curl -F "[email protected]" https://targetserver/pmupdate.php
  • Monitor for unexpected or unauthorized file uploads in web-accessible directories.
Mitigation Strategies

Immediate mitigation steps include applying the vendor's fix released in November 2025, which addresses the arbitrary file upload vulnerability.

Until the patch is applied, restrict access to the pmupdate.php endpoint to only trusted and authenticated users, and monitor for suspicious activity.

Additionally, implement web server rules or firewall policies to block or limit file uploads to this endpoint and scan uploaded files for malicious content.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65416. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart