CVE-2025-9060

A vulnerability has been found in the MSoft MFlash

 application that allows 
execution of arbitrary code on the server. The issue occurs in the 
integration configuration functionality that is only available to 
MFlash


 administrators. The vulnerability is related to insufficient validation
 of parameters when setting up security components.

This issue affects MFlash v. 8.0 and possibly others. To mitigate apply8.2-653 hotfix 11.06.2025 and above.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
KasperskyCNA
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/klsecservices/Advisories/blob/master/K-MSoft-2025-002.md