CVE-2025-10544

HIGH

DocAve 6.13.2-4.7.1 - Unrestricted File Upload

Title source: llm

Description

Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products

Scores

CVSS v4 8.6

EPSS 0.0005

EPSS Percentile 14.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (3)

AvePoint/Compliance Guardian < 4.7.1

AvePoint/DocAve 6.13.2

AvePoint/Perimeter 1.12.3

Published Sep 26, 2025

Tracked Since Feb 18, 2026