Aris
CVE-2025-66837
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
AnalysisAI
A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware [CVSS 6.8 MEDIUM]
Technical ContextAI
Classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). Affects Aris. A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
RemediationAI
Monitor vendor advisories for a patch. Validate file types by content. Store uploads outside web root. Restrict network access to the affected service where possible.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today