CVE-2025-0645 HIGH

CVE-2025-0645: Arbitrary File Upload in Narkom Communication Technologies' Pyxis Signage

Vendor Narkom Communication And Software Technologies Trade Ltd. Co.
Product Pyxis Signage
Weakness CWE-434 · Unrestricted file upload
Published November 20, 2025
Last update June 6, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Pyxis Signage: through 31012025.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
June 6, 2026 Record updated