CVE-2025-5243

CRITICAL

CVSS v3.1: 10.0 · EPSS: 0.0222 (84.8 percentile)

NetworkNo privilegesNo user interactionOS Command InjectionUnrestricted Upload

Source data as of:

At a glance

Severity
CRITICAL
CVSS
10.0 v3.1 · NVD
EPSS
0.0222 (84.8 percentile) · FIRST.org
CISA KEV
No
Type
OS Command Injection, Unrestricted Upload · NVD CWE
Attack conditions (CVSS vector)
NetworkNo privilegesNo user interaction · Source: NVD Vector
Published
2025-07-24 · Modified: 2026-06-05
References
Jump to references (2)

CVSS / EPSS / KEV

CVSS v3.1 10.0 / 10 CRITICAL Source: NVD
EPSS 0.0222 84.8 percentile Source: FIRST.org
CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.

Record details

CVE ID
CVE-2025-5243
CVSS (v3.1)
10.0 (CRITICAL)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability subscore
3.9
Impact subscore
6.0
EPSS
0.0222 (84.8 percentile) — 2026-06-06
CISA KEV
No
Weakness (CWE)
CWE-78, CWE-434
Affected configurations (CPE)
0
Published
2025-07-24
Modified
2026-06-05
Status
Deferred

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Related records

Other records sharing a factual facet, for cross-reference. A descriptive neighbourhood — ordering does not imply priority and is not a recommendation.

Same weakness type (CWE)

CVE-2025-9588 CRITICAL CVSS 10.0 CVE-2026-45744 CRITICAL CVSS 9.9 CVE-2026-26832 CRITICAL CVSS 9.8 CVE-2026-45748 CRITICAL CVSS 9.8

Published the same year

CVE-2025-4285 CRITICAL CVSS 10.0 CVE-2025-4320 CRITICAL CVSS 10.0 CVE-2025-4378 CRITICAL CVSS 10.0 CVE-2025-9588 CRITICAL CVSS 10.0
← Back to all records