File Upload Vulnerability in TMS Management Console by TMS Global Software
CVE-2025-69828

10CRITICAL

Key Information:

Vendor: TMS Global Software
Status: TMS Management Console
Vendor: CVE Published:; 22 January 2026

🔔 Create TMS Global Software Vulnerability Alert

What is CVE-2025-69828?

The TMS Management Console version 6.3.7.27386.20250818 by TMS Global Software contains a file upload vulnerability that allows an attacker to execute arbitrary code remotely. This can occur via the Logo upload feature in the /Customer/AddEdit endpoint, which does not properly validate the uploaded files. Malicious attackers can exploit this weakness to gain unauthorized access and control over the affected system, emphasizing the importance of implementing proper file validation and security measures.

References

https://tmsglobalsoft.com

https://github.com/ZuoqTr/CVE/blob/main/CVE-2025-69828.md

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 9, 2026

JSON