CVE-2025-56263 · HIGH 8.8 · EPSS p29.0%

Description

by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.37% probability of exploitation · percentile 29.0% · 2026-06-19T12:03:05Z
Published: 2025-09-16
Last modified: 2025-10-17

Underlying weaknesses · 1

CWE-434

References

  1. https://github.com/by-night/sms/issues/50
  2. https://github.com/echo0d/vulnerability/blob/main/by-night_sms/fileUpload.md

Type | Target | Confidence | Tier
Weakness | Unrestricted Upload of File with Dangerous Type (cwe-434) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-55454
  2. CVE-2025-61506
  3. CVE-2025-9762
  4. CVE-2025-56265
  5. CVE-2025-3558
  6. CVE-2025-46384

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.