CVE-2025-1980
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Symfonia | Ready_ | 7.0.0.0 <= 7.19.39.23 | affected |
| Symfonia | Ready_ | 8.0.0.0 <= 8.0.2.3 | affected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://cert.pl/posts/2025/04/CVE-2025-1980
- https://cert.pl/en/posts/2025/04/CVE-2025-1980
- https://ready-os.com/pl/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.