CVE-2025-13590
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk47th percentile - higher than 47% of all known CVEs
Summary
CVE-2025-13590 allows a malicious actor with administrative privileges to upload arbitrary files to a user-controlled location via a system REST API. Successful uploads may lead to remote code execution.
Risk Assessment
Exploitation of this vulnerability may allow a malicious actor to perform remote code execution, posing a serious threat to the security of the system and the organization's data.
Recommendation
It is recommended to restrict access to the system REST API and implement file upload validation mechanisms to prevent potential attacks.
Original NVD description (English source)
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.

