CVE-2025-65416
Arbitrary File Upload in docuFORM Managed Print Service Client

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
Meta Information
Published: 2026-05-11
Last Modified: 2026-05-11
Generated: 2026-05-11
AI Q&A: 2026-05-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor      Product                         Version / Range
docuform    managed_print_service_client    11.11c
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-65416 is an arbitrary file upload vulnerability in the docuFORM Managed Print Service Client version 11.11c. It allows authenticated attackers to upload malicious files via the pmupdate.php script without proper validation of the file type, content, or extension.

This means attackers can upload harmful files such as web shells or scripts that could be executed by the server if placed in a web-accessible directory.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves arbitrary file upload via the pmupdate.php endpoint in docuFORM Managed Print Service Client 11.11c. Detection can focus on monitoring for unusual HTTP POST requests to pmupdate.php that include file uploads.

You can use network monitoring tools or web server logs to identify suspicious uploads. For example, using command-line tools like curl or wget to test the endpoint or grep to search logs for accesses to pmupdate.php may help.

  • Check web server access logs for POST requests to pmupdate.php: grep "POST /pmupdate.php" /var/log/apache2/access.log
  • Use curl to test file upload functionality (for authorized users): curl -F "<field>=@<test-file>" https://targetserver/pmupdate.php
  • Monitor for unexpected or unauthorized file uploads in web-accessible directories.
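
The log check above can be extended into a small triage script. This is an added example, not from the advisory or the vendor: it assumes the Apache "combined" log format, matches pmupdate.php at any directory depth, and uses constructed sample lines with documentation-range addresses. The follow-up heuristic is an assumption chosen for illustration.

```shell
#!/bin/sh
# Added example: triage an Apache "combined" access log for pmupdate.php uploads.
# Heuristic (an assumption, not from the advisory): after a client's POST to
# pmupdate.php succeeds, flag its requests for .php paths that no client had
# requested earlier in the log.

pmupdate_triage() {   # $1 = access log; prints UPLOAD and FOLLOWUP lines
    awk '
    {
        ip = $1; ts = $4; method = $6; path = $7; status = $9
        sub(/^\[/, "", ts); sub(/^"/, "", method); sub(/\?.*/, "", path)
        if (method == "POST" && path ~ /(^|\/)pmupdate\.php$/) {
            print "UPLOAD", ip, ts, status
            if (status ~ /^2/) uploaded[ip] = 1
        } else if (path ~ /\.php$/ && (ip in uploaded) && !(path in seen)) {
            print "FOLLOWUP", ip, ts, path, status
        }
        seen[path] = 1
    }' "$1"
}

write_sample_log() {  # constructed log lines, documentation-range addresses
    cat <<'EOF'
198.51.100.20 - - [11/May/2026:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [11/May/2026:10:00:05 +0000] "POST /pmupdate.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.20 - - [11/May/2026:10:00:09 +0000] "POST /pmupdate.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [11/May/2026:10:00:30 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.7 - - [11/May/2026:10:01:12 +0000] "GET /files/report.php?v=1 HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.20 - - [11/May/2026:10:02:00 +0000] "GET /files/other.php HTTP/1.1" 404 120 "-" "Mozilla/5.0"
EOF
}

# With no argument, run against the constructed sample; otherwise use the given log.
log=${1:-}
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log > "$log"
fi
pmupdate_triage "$log"
```

FOLLOWUP lines are leads for manual review, not proof of compromise; compare the flagged paths against the files the application is expected to ship.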

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the vendor's fix released in November 2025, which addresses the arbitrary file upload vulnerability.

Until the patch is applied, restrict access to the pmupdate.php endpoint to only trusted and authenticated users, and monitor for suspicious activity.

Additionally, implement web server rules or firewall policies to block or limit file uploads to this endpoint and scan uploaded files for malicious content.


How can this vulnerability impact me?

Exploitation of this vulnerability can lead to serious impacts including remote code execution, system defacement, data theft, privilege escalation, persistence on the system, or even complete system compromise.

