CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-57795

CVSS 9.9v3.1pub. 2026-01-28upd. 2026-02-05

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) consists of the lack of proper validation of file types uploaded or downloaded by the web service component. An authenticated user can upload a file of a dangerous type (e.g., executable server script), which is then saved and can be executed on the server side. In default Explorance Blue configurations, this mechanism is available without additional restrictions, enabling direct achievement of remote code execution.

Impact

An attacker with an account in the system can obtain full remote code execution (RCE) on the application server, which in practice means the ability to take control of the system, access data, modify it or destroy it. The high scope of impact (Scope: Changed) indicates that the consequences may extend beyond the application itself and affect other resources in the server environment.

Mitigation & patch

Explorance Blue should be immediately updated to version 8.14.13 or newer, in accordance with the vendor's recommendations published in the security bulletin from January 2026 (available in the vendor's references). Until the patch is implemented, it is recommended to restrict access to the vulnerable web service component at the network level and to verify the permissions of user accounts in the system.

Who is affected

Explorance Blue in versions earlier than 8.14.13

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Explorance Blue

    APP
    Explorance
    < 8.14.13
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-57792CRITICAL10.0PL ✓ten sam produkt

SQL Injection bez uwierzytelnienia w Explorance Blue (CVE-2025-57792)

CVE-2025-57794CRITICAL9.1PL ✓ten sam produkt

RCE przez unrestricted file upload w Explorance Blue (panel admina)

CVE-2025-57793HIGH8.6ten sam produkt

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validati...

CVE-2025-57796MEDIUM6.8ten sam produkt

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to p...

CVE-2025-52344MEDIUM6.1ten sam produkt

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers ...