CVE-2025-31342

CRITICAL

Galaxy Software Services Corporation Vitals ESP Forum Module <1.3 -...


Description

An unrestricted upload of file with dangerous type vulnerability in the file upload function of Galaxy Software Services Corporation Vitals ESP Forum Module through version 1.3 allows remote authenticated users to execute arbitrary system commands via a malicious file.

References (1)

Core References
Vendor Advisory third-party-advisory
https://zuso.ai/advisory/za-2025-15

Scores

CVSS v4 9.3
EPSS 0.0007
EPSS Percentile 21.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
Galaxy Software Services Corporation/Vitals ESP < 1.3
Published Oct 20, 2025
Tracked Since Feb 18, 2026