An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
                
            Metrics
Affected Vendors & Products
References
        | Link | Providers | 
|---|---|
| https://zuso.ai/advisory |     | 
History
                    Tue, 21 Oct 2025 09:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Galaxy Software Services Corporation Galaxy Software Services Corporation vitals Esp | |
| Vendors & Products | Galaxy Software Services Corporation Galaxy Software Services Corporation vitals Esp | 
Mon, 20 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Mon, 20 Oct 2025 08:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file. | |
| Title | Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type | |
| Weaknesses | CWE-434 | |
| References |  | |
| Metrics | cvssV4_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: ZUSO ART
Published: 2025-10-20T07:56:46.352Z
Updated: 2025-10-20T13:41:48.653Z
Reserved: 2025-03-28T07:11:21.680Z
Link: CVE-2025-31342
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-10-20T13:37:27.339Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2025-10-20T08:15:32.570
Modified: 2025-10-21T19:31:25.450
Link: CVE-2025-31342
 Redhat
                        Redhat
                    No data.