← back
CVE-2025-5243

Arbitrary File Upload in SMG Software's Information Portal

CVSS 10 CRITICALEPSS 1.5%CWE-434CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
SMG Software · Information Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0174https://www.usom.gov.tr/bildirim/tr-25-0174