CVE-2025-10544 HIGH

CVE-2025-10544: Unrestricted uploading of dangerous file types to AvePoint products

Vendor Avepoint
Product DocAve
Weakness CWE-434 · Unrestricted file upload
Published September 26, 2025
Last update September 26, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.

Key dates

02Disclosure timeline

September 26, 2025 CVE published
September 26, 2025 Record updated