File Upload Vulnerability in PMB Platform Affects Multiple Versions
CVE-2025-0473

6.5 MEDIUM

Key Information:

Vendor
Pmb Services
Status
Pmb Platform
Vendor
CVE Published:
16 January 2025

Summary

The PMB platform is susceptible to a file upload vulnerability that allows an attacker to persist temporary files on the server. This issue arises at the '/pmb/authorities/import/iimport_authorities' endpoint, where a malicious user can disrupt the automated deletion of temporary files. By intercepting and manipulating the POST request that follows a file upload, an attacker can exploit this flaw to retain sensitive information on the server, potentially leading to further security breaches.

Affected Version(s)

PMB platform 4.0.10

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pau Valls Peleteiro