| ZUSOART ID |
ZA-2025-15 |
| CVE ID |
CVE-2025-31342 |
| Vulnerability Type |
CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVSS 4.0 Base |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H(9.3) |
| Description |
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file. |
| Vendor |
Galaxy Software Services Corporation |
| Product |
| Category |
Version affected |
| Vitals ESP Forum Module |
Through 1.3 |
|
| Product Support |
Contact Galaxy Software Services Corporation for version updates. |
| Release date |
2025/10/20 |
| Credit |
Jian You Chen (Jeremy Chen) of ZUSO ART |
