EUVD-2025-208753

| CVE-2025-65734 MEDIUM
2026-03-16 mitre
5.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 17:19 vuln.today
EUVD ID Assigned
Mar 16, 2026 - 17:19 euvd
EUVD-2025-208753
CVE Published
Mar 16, 2026 - 00:00 nvd
MEDIUM 5.4

Tags

RCE XSS File Upload

Description

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

Analysis

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

Technical Context

Unrestricted file upload allows attackers to upload malicious files (web shells, executables) that can then be executed on the server.

Affected Products

Affected products: N/A N/A

Remediation

Validate file types by content (magic bytes), not just extension. Store uploads outside the web root. Use random filenames. Scan uploads for malware.

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +27
POC: 0

Share

EUVD-2025-208753 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy