CVE-2025-67260

Published: Mar 20, 2026Modified: Apr 14, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.

Affected (3)

Products: Aster Te: Terrapack Tkservercgi, Terrapack Tkwebcoreng, Terrapack Tpkwebgis

3 products

Terrapack Tkservercgi

Terrapack Tkwebcoreng

Terrapack Tpkwebgis

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Aster Te Terrapack Tkservercgi	Version 2.5.4.150
Aster Te Terrapack Tkwebcoreng	Version 1.0.20200914
Aster Te Terrapack Tpkwebgis	Version 1.0.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

http://aster.com

Source: cve@mitre.org

Not Applicable

http://terrapack.com

Source: cve@mitre.org

Broken Link

https://github.com/edi-marc/Vulnerability_List/tree/main/CVE_Terrapack

Source: cve@mitre.org

Third Party Advisory

https://packetstorm.news/files/id/217271

Source: cve@mitre.org

Not Applicable

https://www.acn.gov.it/portale/en/csirt-italia

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.