How to fix CVE-2025-70995?

Within 24 hours: Identify all instances of Aranda Service Desk Web Edition 8.6 in production and restrict administrative access to trusted personnel only. Within 7 days: Implement network segmentation to isolate ASDK systems from critical business infrastructure and enable enhanced logging of file upload activities. Within 30 days: Contact Aranda for patch availability, evaluate migration to patched versions, or consider alternative service desk solutions if patches are not forthcoming.

CVE-2025-70995

HIGH

2026-03-05 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 05, 2026 - 21:16 nvd

HIGH 8.8

Description

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled code (e.g., generation of an .aspx webshell). This allows remote command execution on the server without user interaction beyond authentication, impacting both On-Premise and SaaS deployments.

Analysis

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. [CVSS 8.8 HIGH]

Technical Context

Classified as CWE-94 (Code Injection). An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled code (e.g., gene

Affected Products

Component: Aranda.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +44

POC: 0

CVE-2025-70995 vulnerability details – vuln.today

Back

CVE-2025-70995

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70995

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code