← back
CVE-2025-10544

Unrestricted uploading of dangerous file types to AvePoint products

CVSS 8.6 HIGHEPSS 0.3%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N