CVE-2025-6076
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an authenticated attacker to upload a malicious file and compromise the device. By default, the software runs as SYSTEM, heightening the severity of the vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Partner Software | Partner Web | 4.32 < 4.32.2 | affected |
Weaknesses
- CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.