CVE 8.8 HIGH

CVE-2025-63748_CVE-2025-63748

November 17, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option, which executes the PHP payload on the server.

AI Analysis

Arbitrary file upload vulnerability in QaTraq 6.9.2 allowing execution of PHP payloads on the server

Basic Information

ID CVE-2025-63748

Source mitre

Published Nov 17, 2025 at 00:00

Modified Nov 17, 2025 at 19:53

Affected Product

Vendor QaTraq

Product QaTraq

Version 6.9.2

Affected Versions n/a n/a n/a

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor QaTraq

Product QaTraq

Version 6.9.2

References

{
    "lastseen": "",
    "description": "QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the \"Add Attachment\" feature in the \"Test Script\" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the \"View Attachment\" option, which executes the PHP payload on the server.",
    "published": "2025-11-17T00:00:00.000Z",
    "modified": "2025-11-17T19:53:27.624Z",
    "type": "cve",
    "title": "CVE-2025-63748",
    "source": "mitre",
    "references": "http://qatraq.com\nhttps://bitsbyamg.com/blog/post/2025/10/19/qatraq-692-default-creds-and-file-upload-rce",
    "id": "CVE-2025-63748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QaTraq",
    "version": "6.9.2",
    "vendor": "QaTraq",
    "ai_description": "Arbitrary file upload vulnerability in QaTraq 6.9.2 allowing execution of PHP payloads on the server",
    "ai_severity": "High",
    "ai_vendor": "QaTraq",
    "ai_product": "QaTraq",
    "ai_version": "6.9.2",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply