← volver
CVE-2025-2155

Arbitrary File Upload in EchoCCS's Specto CM

CVSS 8.8 HIGHEPSS 0.3%CWE-434
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H