CVE-2025-8798

Summary

A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
oitcodesamarium0.9.0affected
oitcodesamarium0.9.1affected
oitcodesamarium0.9.2affected
oitcodesamarium0.9.3affected
oitcodesamarium0.9.4affected
oitcodesamarium0.9.5affected
oitcodesamarium0.9.6affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References