CVE-2025-31342

Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

CVSS 9.3 CRITICALEPSS 0.5%CWE-434

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Affected products

Galaxy Software Services Corporation · Vitals ESP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://zuso.ai/advisory/za-2025-15