Remote Code Execution in MarkAny SafePC Enterprise_CVE-2025-11020

8.7 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

Basic Information

ID CVE-2025-11020

Source FSI

Published Oct 2, 2025 at 05:15

Affected Product

Vendor MarkAny

Product SafePC Enterprise

Version V7.0.* (V7.0.YYYY.MM.DD)

Affected Versions MarkAny SafePC Enterprise V7.0.* (V7.0.YYYY.MM.DD)
MarkAny SafePC Enterprise V5.*.*

CWE Classification

CWE-89 CWE-22 CWE-434

References

www.markany.com /enterprisesecurity

{
    "lastseen": "",
    "description": "An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.",
    "published": "2025-10-02T05:15:50.859Z",
    "modified": "2025-10-02T05:15:50.859Z",
    "type": "cve",
    "title": "Remote Code Execution in MarkAny SafePC Enterprise",
    "source": "FSI",
    "references": "https://www.markany.com/enterprisesecurity?utm_campaign=markany_sa&utm_source=google_pc&utm_medium=gsa_pc&utm_term=cybersecurity&utm_content=&gad_source=1&gad_campaignid=21853187406&gbraid=0AAAAADOrb0lM8ZHyDytvnVwj9T--km9aM&gclid=Cj0KCQjwovPGBhDxARIsAFhgkwSh0F9hnsAoRTS8OnFI3KcF4_UMarYchq0uP5V1DiSQyKKVLdZPJNYaAiBuEALw_wcB",
    "id": "CVE-2025-11020",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-22",
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "MarkAny SafePC Enterprise V7.0.* (V7.0.YYYY.MM.DD)\nMarkAny SafePC Enterprise V5.*.*",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SafePC Enterprise",
    "version": "V7.0.* (V7.0.YYYY.MM.DD)",
    "vendor": "MarkAny",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}