cbcvebase.
CVE-2014-2025
published 2020-01-31

CVE-2014-2025: Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before…

PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.97%
89.2th percentile
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.

Affected

14 ranges
VendorProductVersion rangeFixed in
linuxlinux_kernel>= 3.18.0 < 5.10.2485.10.248
linuxlinux_kernel>= 5.11.0 < 5.15.1985.15.198
linuxlinux_kernel>= 5.16.0 < 6.1.1606.1.160
linuxlinux_kernel>= 6.13.0 < 6.18.46.18.4
linuxlinux_kernel>= 6.2.0 < 6.6.1206.6.120
linuxlinux_kernel>= 6.7.0 < 6.12.646.12.64
msrccbl2_python-lxml_4.8.0-1_on_cbl_mariner_2.0
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_python-lxml_4.6.3-1_on_cbl_mariner_1.0
unitedplanetintrexx
unitedplanetintrexx

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.1HIGH
vendor_redhat7.8HIGH
vendor_msrc6.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.