What is the CVSS score of CVE-2025-10465?

CVE-2025-10465 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Birtech Information Technologies Industry are affected by CVE-2025-10465?

Sensaway products are vulnerable to arbitrary file upload attacks that could allow attackers to execute malicious code on affected systems.

How to fix or mitigate CVE-2025-10465?

Within 24 hours: Identify all Sensaway deployments in your environment and assess user access patterns. Within 7 days: Implement network segmentation to restrict Sensaway access to trusted users only and enable comprehensive logging on upload functions. Within 30 days: Coordinate with Birtech for patch availability timeline and establish a formal remediation plan; consider alternate solutions if patch timeline is unacceptable.

Birtech Information Technologies Industry CVE-2025-10465

HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-02-09 iletisim@usom.gov.tr

File Upload

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 09, 2026 - 14:16 nvd

HIGH 8.8

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.

AnalysisAI

Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway is affected by unrestricted upload of file with dangerous type (CVSS 8.8).

Technical ContextAI

This vulnerability (CWE-434: Unrestricted Upload of File with Dangerous Type) affects Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway. Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: Because the product was developed using outdated technology, the manufacturer is unable to fix the relevant vulnerabilities. Users of the Sensaway application are advised to contact the manufacturer and review updated products developed with newer technology.

Affected ProductsAI

Product: Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway.

RemediationAI

Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.

CVE-2025-10465 vulnerability details – vuln.today

Back

Birtech Information Technologies Industry CVE-2025-10465

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code