CVE-2025-31342 CRITICAL

CVE-2025-31342: Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

Vendor Galaxy Software Services Corporation
Product Vitals ESP
Weakness CWE-434 · Unrestricted file upload
Published October 20, 2025
Last update January 30, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

What the vulnerability does

01Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

Key dates

02Disclosure timeline

October 20, 2025 CVE published
January 30, 2026 Record updated