CVE-2025-57794

Critical CVSS: 9.1

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.

Vendor

Explorance

Product

Blue

CWE

CWE-434

Yayın Tarihi

2026-01-28 18:16:49

Güncelleme

2026-02-05 16:59:21

Source Identifier

mandiant-cve@google.com

KEV Date Added

Kategoriler

CWE-434 Blue CRITICAL Explorance 2026

Referanslar

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794 https://www.explorance.com/products/blue

Benzer Kayıtlar

Critical

CVE-2025-57792

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user…

High

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user…

Critical

CVE-2025-57795

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service c…

Medium

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sen…

Medium

CVE-2025-52344

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject…