← Back to CVEs

CVE-2025-57794

CRITICAL

9.1

Description

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.

CVE Details

CVSS v3.1 Score9.1

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published1/28/2026

Last Modified2/5/2026

Sourcenvd

Honeypot Sightings0

Affected Products

explorance:blue

Weaknesses (CWE)

CWE-434

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md(mandiant-cve@google.com)

https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)(mandiant-cve@google.com)

https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794(mandiant-cve@google.com)

https://www.explorance.com/products/blue(mandiant-cve@google.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.