Is there a public PoC exploit available for CVE-2025-60947?

Yes, a public proof-of-concept exploit is available for CVE-2025-60947. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-60947?

Within 24 hours: Identify all Census CSWeb 8.0.1 instances in your environment and document current user access levels. Within 7 days: Apply vendor-released patch to all affected systems; coordinate with data stewardship teams given the sensitive nature of census/survey data. Within 30 days: Conduct access review for CSWeb administrative and upload accounts; implement enhanced monitoring for suspicious file upload activities; review server logs for unauthorized file uploads since deployment.

CVE-2025-60947

Q: What is the CVSS score of CVE-2025-60947?

CVE-2025-60947 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2025-208950 HIGH

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-03-23 cisa-cg

RCE File Upload

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:18 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

8.1.0

PoC Detected

Mar 25, 2026 - 21:07 vuln.today

Public exploit code

EUVD ID Assigned

Mar 23, 2026 - 21:30 euvd

EUVD-2025-208950

Analysis Generated

Mar 23, 2026 - 21:30 vuln.today

CVE Published

Mar 23, 2026 - 21:00 nvd

HIGH 8.7

DescriptionNVD

Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha.

AnalysisAI

Census CSWeb 8.0.1 contains an arbitrary file upload vulnerability allowing authenticated remote attackers to upload malicious files and achieve remote code execution. A public proof-of-concept exploit is available on GitHub (hx381/cspro-exploits), significantly increasing the risk of exploitation. The vulnerability affects the Census CSWeb data dissemination platform used for hosting census and survey data online.

Technical ContextAI

Census CSWeb is a web-based data dissemination platform for census and survey microdata. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the application fails to properly validate uploaded file types, extensions, or content before storing them in an accessible location. The affected product is identified via CPE as cpe:2.3:a:census:csweb:*:*:*:*:*:*:*:* with versions up to and including 8.0.1. This class of vulnerability typically arises from insufficient server-side validation of file uploads, allowing attackers to bypass client-side restrictions and upload executable files (such as web shells, scripts, or binaries) that can be triggered to execute arbitrary code on the server.

RemediationAI

Upgrade Census CSWeb to version 8.1.0 alpha or later immediately, as documented in the patch commit at https://github.com/csprousers/csweb/commit/eba0b59a243390a1a4f9524cce6dbc0314bf0d91. Organizations should review the CISA advisory at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-082-01.json for additional guidance. Until patching is complete, implement compensating controls including restricting file upload functionality to only highly trusted administrator accounts, deploying web application firewall rules to block suspicious file extensions and MIME types, implementing strict file type validation and content inspection, and monitoring upload directories for unexpected files or web shells. Network segmentation should isolate CSWeb instances from critical infrastructure, and authentication should be reviewed to ensure no default or weak credentials exist that could satisfy the low privilege requirement for exploitation.

CVE-2025-60947 vulnerability details – vuln.today

Back

CVE-2025-60947

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2025-60947

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code