CVE-2025-57794 · CRITICAL 9.1 · EPSS p41.5%

Description

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.5% · 2026-06-19T12:03:05Z
Published: 2026-01-28
Last modified: 2026-02-05

Underlying weaknesses · 1

CWE-434

References

  1. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md
  2. https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)
  3. https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794
  4. https://www.explorance.com/products/blue

Type: Weakness · Target: Unrestricted Upload of File with Dangerous Type (cwe-434) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-57795
  2. CVE-2025-57793
  3. CVE-2025-57792
  4. CVE-2026-21628
  5. CVE-2025-53120
  6. CVE-2025-41735

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.