CVE-2025-0731

Published: Feb 26, 2025Modified: Feb 26, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: info@cert.vde.com (Secondary)

Description

An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://cert.vde.com/en/advisories/VDE-2025-012

Source: info@cert.vde.com

Timeline

No history available yet.