Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
High privilege is required to reach the file export/upload functionality (PR:H). The Vulnerable System C/I/A metrics are None because the impact lands on the subsequent system: a file write reaches the server filesystem beyond the application's own boundary, so SC:L covers the path disclosure and SI:L covers the arbitrary file write.
Primary rating from Vendor (CERT-PL).
Description (source: CVE.org)
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages.
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
Analysis (AI-generated)
Path traversal and path disclosure in MyComplianceOffice MCO's file handling functionality allow an authenticated high-privilege user to write files to arbitrary server locations and to learn absolute server paths from error messages. Confirmed in version 25.3.3.1 by CERT-PL research; other versions may also be affected, since vendor contact attempts were unsuccessful. …
Vulnerability Assessment (AI-generated)
| Topic | Assessment |
|---|---|
| Exploitation | Exploitation requires authenticated access with high privileges (PR:H in the CVSS 4.0 vector), specifically to the data export and upload functionality within MCO. … |
| Risk Assessment | The CVSS 4.0 base score of 5.1 reflects a medium-severity finding with a network attack vector (AV:N); the high privilege requirement (PR:H) is the dominant risk-limiting factor. … |
| Exploit Scenario | An attacker with high-privilege access to MCO, such as a malicious insider or an actor who has separately compromised an administrator credential, navigates to the data export or upload functionality and submits a crafted filename parameter containing directory traversal sequences. The server writes the submitted file to an arbitrary location on the filesystem (e.g., a web-accessible directory or a configuration path), potentially enabling secondary impacts such as configuration tampering or web shell placement. … |
| Remediation | No vendor-released patch has been identified at the time of analysis; vendor contact attempts by CERT-PL were unsuccessful. … |
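The two defects described above (a filename parameter joined onto a storage directory without validation, and an error message that echoes the resulting absolute path) are easiest to see side by side. The following is an added illustration, not MCO's code and not derived from the advisory: a hypothetical export handler in its vulnerable form next to a hardened form that pins the write inside the export directory and returns a generic error to the client. All function names, the directory layout and the traversal payload are constructed for the example.

```python
"""Added example: client-controlled filename in an export/upload handler.

Names (save_export_vulnerable, save_export_hardened, safe_export_path,
ExportError) are hypothetical; the directory tree and payloads are
constructed here so the example runs offline.
"""
import logging
import os
import shutil
import tempfile

log = logging.getLogger("export")


class ExportError(Exception):
    """Error whose message is intended to be shown to the client."""


def save_export_vulnerable(base_dir: str, filename: str, data: bytes) -> str:
    # CWE-22: os.path.join follows "../" segments in the client-supplied name
    # (and drops base_dir entirely if the name is absolute), so the write can
    # land anywhere the service account may write.
    target = os.path.join(base_dir, filename)
    try:
        with open(target, "wb") as fh:
            fh.write(data)
    except OSError as exc:
        # Path disclosure: str(exc) embeds the absolute server-side path.
        raise ExportError(f"export failed: {exc}") from exc
    return target


def safe_export_path(base_dir: str, filename: str) -> str:
    """Return the absolute target for 'filename' inside base_dir, or raise."""
    # 1. Accept only a bare file name: no separators of either flavour,
    #    no "." / "..", no NUL (which would truncate the path in C APIs).
    if (not filename or filename in (".", "..") or "\x00" in filename
            or "/" in filename or "\\" in filename
            or filename != os.path.basename(filename)):
        raise ExportError("invalid file name")
    # 2. Resolve symlinks on both sides and verify containment; this catches
    #    a base_dir that has itself been pointed outside the intended root.
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        raise ExportError("invalid file name")
    return target


def save_export_hardened(base_dir: str, filename: str, data: bytes) -> str:
    target = safe_export_path(base_dir, filename)
    try:
        with open(target, "wb") as fh:
            fh.write(data)
    except OSError as exc:
        # Detail goes to the server log; the client sees a fixed string.
        log.error("export write failed for %s: %s", target, exc)
        raise ExportError("export failed") from exc
    return target


def demo() -> dict:
    """Run both handlers on constructed input and report what happened."""
    root = tempfile.mkdtemp()
    export_dir = os.path.join(root, "exports")
    os.makedirs(export_dir)
    results = {}
    payload = "../escaped.txt"  # constructed traversal payload

    save_export_vulnerable(export_dir, payload, b"owned")
    results["vulnerable_escaped"] = os.path.isfile(os.path.join(root, "escaped.txt"))

    try:
        save_export_hardened(export_dir, payload, b"owned")
        results["hardened_blocked"] = False
    except ExportError:
        results["hardened_blocked"] = True

    # Benign name still works through the hardened path.
    save_export_hardened(export_dir, "report.csv", b"ok")
    results["hardened_ok"] = os.path.isfile(os.path.join(export_dir, "report.csv"))

    # Force a write failure (missing directory) and compare the two messages.
    missing = os.path.join(root, "missing")
    try:
        save_export_vulnerable(missing, "report.csv", b"x")
    except ExportError as exc:
        results["vulnerable_message_leaks_path"] = root in str(exc)
    try:
        save_export_hardened(missing, "report.csv", b"x")
    except ExportError as exc:
        results["hardened_message_leaks_path"] = root in str(exc)

    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check in step 2 is what makes the fix robust rather than a blocklist of `../`: it compares resolved paths, so an encoded or platform-specific separator that survives step 1 still cannot escape the root. On Windows the same realpath/commonpath comparison applies, but drive-relative names and short-name aliases are additional inputs worth fuzzing against a port of this check.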
Related findings in the same product (MyComplianceOffice MCO 25.3.3.1)
- Privilege escalation in MyComplianceOffice (MCO) compliance platform version 25.3.3.1 lets an authenticated user add the …
- User enumeration in MyComplianceOffice (MCO) version 25.3.3.1 allows unauthenticated remote attackers to identify valid …
- Account denial-of-service in MyComplianceOffice MCO 25.3.3.1 enables a remote attacker to permanently lock a targeted us…
- Unrestricted file upload in MyComplianceOffice MCO version 25.3.3.1 allows an authenticated low-privileged attacker to u…
- MCO's compliance management platform exposes administrator ACL tree structures to any authenticated low-privileged user …
- Insecure Direct Object Reference in MyComplianceOffice MCO version 25.3.3.1 allows authenticated users to retrieve tradi…
- Stored XSS in MyComplianceOffice MCO version 25.3.3.1 allows a privileged attacker with logo-upload rights to plant mali…
Weakness: CWE-22 – Path Traversal
Related identifiers: EUVD-2026-40952, GHSA-qwcf-5293-mm28