Description
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
Exploits (1)
References (4)
Scores
CVSS v4
9.3
EPSS
0.0079
EPSS Percentile
74.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (6)
ReQuest Serious Play LLC/ReQuest Serious Play
2.0.1.823
ReQuest Serious Play LLC/ReQuest Serious Play
6.3.2.4203
ReQuest Serious Play LLC/ReQuest Serious Play
6.4.2.4681
ReQuest Serious Play LLC/ReQuest Serious Play
6.5.2.4954
ReQuest Serious Play LLC/ReQuest Serious Play
7.0.2.4954
ReQuest Serious Play LLC/ReQuest Serious Play Pro
7.0.3.4968
Published
Dec 05, 2025
Tracked Since
Feb 18, 2026