← back
CVE-2025-31342

Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type

CVSS 9.3 CRITICALEPSS 0.5%CWE-434
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H
Affected products
Galaxy Software Services Corporation · Vitals ESP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://zuso.ai/advisory/za-2025-15