7.5
CVE-2025-10371
- EPSS 0.06%
- Veröffentlicht 13.09.2025 17:32:06
- Zuletzt bearbeitet 09.01.2026 01:15:42
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. The manipulation of the argument setrfidlist results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellereCharge Hardy Barth
≫
Produkt
Salia PLCC
Version
2.3.0
Status
affected
Version
2.3.1
Status
affected
Version
2.3.2
Status
affected
Version
2.3.3
Status
affected
Version
2.3.4
Status
affected
Version
2.3.5
Status
affected
Version
2.3.6
Status
affected
Version
2.3.7
Status
affected
Version
2.3.8
Status
affected
Version
2.3.9
Status
affected
Version
2.3.10
Status
affected
Version
2.3.11
Status
affected
Version
2.3.12
Status
affected
Version
2.3.13
Status
affected
Version
2.3.14
Status
affected
Version
2.3.15
Status
affected
Version
2.3.16
Status
affected
Version
2.3.17
Status
affected
Version
2.3.18
Status
affected
Version
2.3.19
Status
affected
Version
2.3.20
Status
affected
Version
2.3.21
Status
affected
Version
2.3.22
Status
affected
Version
2.3.23
Status
affected
Version
2.3.24
Status
affected
Version
2.3.25
Status
affected
Version
2.3.26
Status
affected
Version
2.3.27
Status
affected
Version
2.3.28
Status
affected
Version
2.3.29
Status
affected
Version
2.3.30
Status
affected
Version
2.3.31
Status
affected
Version
2.3.32
Status
affected
Version
2.3.33
Status
affected
Version
2.3.34
Status
affected
Version
2.3.35
Status
affected
Version
2.3.36
Status
affected
Version
2.3.37
Status
affected
Version
2.3.38
Status
affected
Version
2.3.39
Status
affected
Version
2.3.40
Status
affected
Version
2.3.41
Status
affected
Version
2.3.42
Status
affected
Version
2.3.43
Status
affected
Version
2.3.44
Status
affected
Version
2.3.45
Status
affected
Version
2.3.46
Status
affected
Version
2.3.47
Status
affected
Version
2.3.48
Status
affected
Version
2.3.49
Status
affected
Version
2.3.50
Status
affected
Version
2.3.51
Status
affected
Version
2.3.52
Status
affected
Version
2.3.53
Status
affected
Version
2.3.54
Status
affected
Version
2.3.55
Status
affected
Version
2.3.56
Status
affected
Version
2.3.57
Status
affected
Version
2.3.58
Status
affected
Version
2.3.59
Status
affected
Version
2.3.60
Status
affected
Version
2.3.61
Status
affected
Version
2.3.62
Status
affected
Version
2.3.63
Status
affected
Version
2.3.64
Status
affected
Version
2.3.65
Status
affected
Version
2.3.66
Status
affected
Version
2.3.67
Status
affected
Version
2.3.68
Status
affected
Version
2.3.69
Status
affected
Version
2.3.70
Status
affected
Version
2.3.71
Status
affected
Version
2.3.72
Status
affected
Version
2.3.73
Status
affected
Version
2.3.74
Status
affected
Version
2.3.75
Status
affected
Version
2.3.76
Status
affected
Version
2.3.77
Status
affected
Version
2.3.78
Status
affected
Version
2.3.79
Status
affected
Version
2.3.80
Status
affected
Version
2.3.81
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.176 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.