{"cve":{"cve_id":"CVE-2025-10544","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00287,"epss_percentile":0.2025,"epss_as_of":"2026-06-23","description":"Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.","published_at":"2025-09-26T09:51:12.104000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":8.6,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-434"],"nvd_references":["https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:25:07.091606Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"avepoint","vendor_name":"AvePoint","product_slug":"compliance-guardian","product_name":"Compliance Guardian","version_start":"0","version_start_inclusive":true,"version_end":"4.7.1","version_end_inclusive":false,"cpe23_uri":"cve5:avepoint:compliance-guardian:0:4.7.1"},{"vendor_slug":"avepoint","vendor_name":"AvePoint","product_slug":"docave","product_name":"DocAve","version_start":"6.13.2","version_start_inclusive":true,"version_end":"6.13.2","version_end_inclusive":true,"cpe23_uri":"cve5:avepoint:docave:6.13.2:6.13.2"},{"vendor_slug":"avepoint","vendor_name":"AvePoint","product_slug":"perimeter","product_name":"Perimeter","version_start":"1.12.3","version_start_inclusive":true,"version_end":"1.12.3","version_end_inclusive":true,"cpe23_uri":"cve5:avepoint:perimeter:1.12.3:1.12.3"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-09-26T09:51:12.104000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"}]}