CVE-2025-3169

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published Apr 3, 2025

Updated: Apr 7, 2025

CWE ID 78

Summary

CVE-2025-3169 is a critical vulnerability affecting Projeqtor up to version 12.0.2. This issue resides in an unknown functionality of the file /tool/saveAttachment.php, where manipulation of the argument attachmentFiles results in an unrestricted upload. The attack can be launched remotely, but the complexity and difficulty of exploitation are high, with the exploit having been disclosed to the public. The vulnerability can only be effectively exploited on insecurely installed instances, as the vendor advises keeping the attachment directory out of web reach. Upgrading to version 12.0.3 is recommended to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Drupal Connect Inc

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners