Unrestricted File Upload Vulnerability in Explorance Blue_CVE-2025-57794

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.

Basic Information

ID CVE-2025-57794

Source Mandiant

Published Jan 28, 2026 at 17:33

Modified Jan 28, 2026 at 18:25

Affected Product

Vendor Explorance

Product Blue

Affected Versions Explorance Blue 0

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.",
    "published": "2026-01-28T17:33:43.151Z",
    "modified": "2026-01-28T18:25:06.258Z",
    "type": "cve",
    "title": "Unrestricted File Upload Vulnerability in Explorance Blue",
    "source": "Mandiant",
    "references": "https://www.explorance.com/products/blue\nhttps://online-help.explorance.com/blue/articles/security-advisories-(january-2026)\nhttps://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794\nhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md",
    "id": "CVE-2025-57794",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Explorance Blue 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Blue",
    "version": "0",
    "vendor": "Explorance",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}