CVE Catalog

CVE-2025-13590

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.68%

47th percentile - higher than 47% of all known CVEs

Summary

CVE-2025-13590 allows a malicious actor with administrative privileges to upload arbitrary files to a user-controlled location via a system REST API. Successful uploads may lead to remote code execution.

Risk Assessment

Exploitation of this vulnerability may allow a malicious actor to perform remote code execution, posing a serious threat to the security of the system and the organization's data.

Recommendation

It is recommended to restrict access to the system REST API and implement file upload validation mechanisms to prevent potential attacks.

Original NVD description (English source)

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS