CVE-2025-11020 HIGH

CVE-2025-11020: Remote Code Execution in MarkAny SafePC Enterprise

Vendor Markany
Product SafePC Enterprise
Weakness CWE-89 · SQLi
Published October 2, 2025
Last update October 2, 2025

CVSS base score

8.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

Key dates

02Disclosure timeline

October 2, 2025 CVE published
October 2, 2025 Record updated