Remote File Upload Vulnerability in Product by Vendor
CVE-2025-0731

6.5MEDIUM

Key Information:

Vendor: Sma
Status: Www.sunnyportal.com
Vendor: CVE Published:; 26 February 2025

Summary

A vulnerability allows an unauthenticated remote attacker to upload a malicious .aspx file instead of a legitimate PV system image through a demo account. This compromise can potentially lead to unauthorized code execution in the context of the user. It is critical for users to ensure that their systems are secured against this exploitation.

Affected Version(s)

www.sunnyportal.com 0 < 19.02.2024

References

https://cert.vde.com/en/advisories/VDE-2025-012

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Jan 27, 2025

Credit

Francesco La Spina from Forescout Technologies Inc.