CVE-2025-0471: Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform

9.9 CVSS

Description

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.

Classification

CVE ID: CVE-2025-0471

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.9

Affected Products

Vendor: PMB Services

Product: PMB platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.64% (scored less or equal to compared to others)

EPSS Date: 2025-02-14 (when was this score calculated)

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform

Timeline

2025-01-17 00:30:55 UTC
CVE

Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform