CVE-2025-2155
Arbitrary File Upload in EchoCCS's Specto CM
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
24 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.
This issue affects Specto CM: before 17032025.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Echo Call Center Services Trade and Industry Inc. · Specto CM