CVE-2025-2819 MEDIUM

CVE-2025-2819: Unrestricted File Upload

Vendor Bizerba SE & Co. KG
Product GT-SoftControl
Weakness CWE-434 · Unrestricted file upload
Published March 26, 2025
Last update March 26, 2025

CVSS base score

6.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01 Description

There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.

Key dates

02 Disclosure timeline

March 26, 2025 CVE published
March 26, 2025 Record updated