Galaxy Software Services Vitals ESP Forum Module

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.

Basic Information

ID CVE-2025-31342

Source ZUSO ART

Published Oct 20, 2025 at 07:56

Affected Product

Vendor Galaxy Software Services Corporation

Product Vitals ESP

Affected Versions Galaxy Software Services Corporation Vitals ESP 0

CWE Classification

CWE-434

References

zuso.ai /advisory

{
    "lastseen": "",
    "description": "An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.",
    "published": "2025-10-20T07:56:46.352Z",
    "modified": "2025-10-20T07:56:46.352Z",
    "type": "cve",
    "title": "Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type",
    "source": "ZUSO ART",
    "references": "https://zuso.ai/advisory",
    "id": "CVE-2025-31342",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Galaxy Software Services Corporation Vitals ESP 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vitals ESP",
    "version": "0",
    "vendor": "Galaxy Software Services Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Galaxy Software Services Vitals ESP Forum Module – Unrestricted Upload of File with Dangerous Type_CVE-2025-31342