CVE-2025-0645

HIGH

Pyxis Signage <31012025 - Unrestricted Upload of File with Dangerou...

Title source: llm
STIX 2.1

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.usom.gov.tr/bildirim/tr-25-0404

Scores

CVSS v3 7.2
EPSS 0.0006
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Narkom Communication and Software Technologies Trade Ltd. Co./Pyxis Signage < 31012025
Published Nov 20, 2025
Tracked Since Feb 18, 2026