CVE-2025-2819 (GCVE-0-2025-2819)
Vulnerability from cvelistv5 – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
VLAI
Title
Unrestricted Fileupload
Summary
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
Severity
6.6 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | GT-SoftControl | Affected: 0.0, < 6.0 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:17:38.843313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:17:46.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GT-SoftControl",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
}
],
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:49:38.291Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
}
],
"value": "Update Software to the current version of the corresponding Software."
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0001",
"discovery": "UNKNOWN"
},
"title": "Unrestricted Fileupload",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Prevent unauthorized physical access to the device\n * Disable E-Service to prevent remote access"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-2819",
"datePublished": "2025-03-26T14:49:38.291Z",
"dateReserved": "2025-03-26T14:42:48.119Z",
"dateUpdated": "2025-03-26T15:17:46.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-2819",
"date": "2026-05-29",
"epss": "0.00047",
"percentile": "0.14823"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2819\",\"sourceIdentifier\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"published\":\"2025-03-26T15:16:21.970\",\"lastModified\":\"2025-03-27T16:45:27.850\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\"},{\"lang\":\"es\",\"value\":\"Existe el riesgo de cargas no autorizadas de archivos en GT-SoftControl y posibles sobrescrituras de archivos debido a una validaci\u00f3n insuficiente en el proceso de selecci\u00f3n. Esto podr\u00eda generar problemas de integridad de los datos y acceso no autorizado por parte de un usuario con privilegios autenticados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf\",\"source\":\"0beee27a-7d8c-424f-8e46-ac453fa147e6\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2819\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-26T15:17:38.843313Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-26T15:17:42.564Z\"}}], \"cna\": {\"title\": \"Unrestricted Fileupload\", \"source\": {\"advisory\": \"BIZERBA-SA-2025-0001\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Bizerba SE \u0026 Co. 
KG\", \"product\": \"GT-SoftControl\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0\", \"lessThan\": \"6.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update Software to the current version of the corresponding Software.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update Software to the current version of the corresponding Software.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"* Prevent unauthorized physical access to the device\\n * Disable E-Service to prevent remote access\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. 
This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"0beee27a-7d8c-424f-8e46-ac453fa147e6\", \"shortName\": \"bizerba\", \"dateUpdated\": \"2025-03-26T14:49:38.291Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-2819\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-26T15:17:46.739Z\", \"dateReserved\": \"2025-03-26T14:42:48.119Z\", \"assignerOrgId\": \"0beee27a-7d8c-424f-8e46-ac453fa147e6\", \"datePublished\": \"2025-03-26T14:49:38.291Z\", \"assignerShortName\": \"bizerba\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
The forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. The model is fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.