Selleo Mentingo Profile Picture unrestricted upload_CVE-2025-10741

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-10741

Source VulDB

Published Sep 20, 2025 at 12:02

Affected Product

Vendor Selleo

Product Mentingo

Version 2025.08.0

Affected Versions Selleo Mentingo 2025.08.0
Selleo Mentingo 2025.08.1
Selleo Mentingo 2025.08.2
Selleo Mentingo 2025.08.3
Selleo Mentingo 2025.08.4
Selleo Mentingo 2025.08.5
Selleo Mentingo 2025.08.6
Selleo Mentingo 2025.08.7
Selleo Mentingo 2025.08.8
Selleo Mentingo 2025.08.9
Selleo Mentingo 2025.08.10
Selleo Mentingo 2025.08.11
Selleo Mentingo 2025.08.12
Selleo Mentingo 2025.08.13
Selleo Mentingo 2025.08.14
Selleo Mentingo 2025.08.15
Selleo Mentingo 2025.08.16
Selleo Mentingo 2025.08.17
Selleo Mentingo 2025.08.18
Selleo Mentingo 2025.08.19
Selleo Mentingo 2025.08.20
Selleo Mentingo 2025.08.21
Selleo Mentingo 2025.08.22
Selleo Mentingo 2025.08.23
Selleo Mentingo 2025.08.24
Selleo Mentingo 2025.08.25
Selleo Mentingo 2025.08.26
Selleo Mentingo 2025.08.27

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-20T12:02:06.199Z",
    "modified": "2025-09-20T12:02:06.199Z",
    "type": "cve",
    "title": "Selleo Mentingo Profile Picture unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325068\nhttps://vuldb.com/?ctiid.325068\nhttps://vuldb.com/?submit.645385\nhttps://gist.github.com/KhanMarshaI/ba3e74b331ce4ab602a5a22a59aaf819\nhttps://gist.github.com/KhanMarshaI/7a2e74fcb194f7d6ee7e60da4a14af7b",
    "id": "CVE-2025-10741",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Selleo Mentingo 2025.08.0\nSelleo Mentingo 2025.08.1\nSelleo Mentingo 2025.08.2\nSelleo Mentingo 2025.08.3\nSelleo Mentingo 2025.08.4\nSelleo Mentingo 2025.08.5\nSelleo Mentingo 2025.08.6\nSelleo Mentingo 2025.08.7\nSelleo Mentingo 2025.08.8\nSelleo Mentingo 2025.08.9\nSelleo Mentingo 2025.08.10\nSelleo Mentingo 2025.08.11\nSelleo Mentingo 2025.08.12\nSelleo Mentingo 2025.08.13\nSelleo Mentingo 2025.08.14\nSelleo Mentingo 2025.08.15\nSelleo Mentingo 2025.08.16\nSelleo Mentingo 2025.08.17\nSelleo Mentingo 2025.08.18\nSelleo Mentingo 2025.08.19\nSelleo Mentingo 2025.08.20\nSelleo Mentingo 2025.08.21\nSelleo Mentingo 2025.08.22\nSelleo Mentingo 2025.08.23\nSelleo Mentingo 2025.08.24\nSelleo Mentingo 2025.08.25\nSelleo Mentingo 2025.08.26\nSelleo Mentingo 2025.08.27",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mentingo",
    "version": "2025.08.0",
    "vendor": "Selleo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}