Description

The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.

INFO

Published Date :

2025-12-04T00:00:00.000Z

Last Modified :

2026-03-11T20:05:31.958Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65806 vulnerability.

Vendors Products
E-point
  • Cms
  • E-point Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65806.

URL Resource
https://github.com/Bidon47/CVE-2025-65806/blob/main/CVE-2025-65806.md cve-icon cve-icon
https://www.e-point.pl/produkty/e-point-cms cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact