CVE-2025-10544

EUVD-2025-31328
Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
INCIBECNA
8.6 HIGH
NETWORK
LOW
HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
avepointdocave
6.13.2
CNA
avepointdocave
1.12.3
CNA
avepointdocave
𝑥
< 4.7.1
CNA
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products