EUVD-2026-25209
GHSA-4m3v-5p6w-fv99
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionNVD
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
AnalysisAI
Remote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via unrestricted file upload vulnerability. This discontinued product (sales ended 2008) remains exploitable over the network with no authentication required, enabling full server compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Scan network infrastructure for active Borg SPM 2007 instances using port scanning and vulnerability assessment tools; isolate any discovered systems from internet-facing networks immediately. Within 7 days: Complete asset inventory of all Borg SPM 2007 systems; if business-critical, engage vendor support or third-party security firm for custom patching assessment; begin planning decommissioning timelines. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today