CVE-2025-9060 · CRITICAL 9.1 · EPSS p38.8%

Description

A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate, apply 8.2-653 hotfix 11.06.2025 and above.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.50% probability of exploitation · percentile 38.8% · 2026-06-19T12:03:05Z
Published: 2025-08-15
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-20

References

  1. https://github.com/klsecservices/Advisories/blob/master/K-MSoft-2025-002.md

Type · Target · Confidence · Tier
Weakness · Improper Input Validation (cwe-20) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2026-32968
CVE · CVE-2026-23780
CVE · CVE-2025-8748
CVE · CVE-2025-43560
CVE · CVE-2026-25201
CVE · CVE-2025-29045

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.