CVE-2025-57460

CRITICAL

machpanel 8.0.32 - Unrestricted File Upload Leading to Webshell

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-57460. PoCs published by aljoharasubaie.

AI-analyzed exploit summary The repository describes a file upload vulnerability in machsol machpanel 8.0.32, allowing attackers to upload an ASPx webshell via the ticket submission page. The PoC lacks actual exploit code but provides clear steps to reproduce the vulnerability.

Description

File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.

Exploits (1)

nomisec WRITEUP 1 stars

by aljoharasubaie · poc

https://github.com/aljoharasubaie/CVE-2025-57460

View Code ZIP pw:eip

The repository describes a file upload vulnerability in machsol machpanel 8.0.32, allowing attackers to upload an ASPx webshell via the ticket submission page. The PoC lacks actual exploit code but provides clear steps to reproduce the vulnerability.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: machsol machpanel 8.0.32

Auth required

Prerequisites: Access to the ticket submission page · Valid credentials to submit a ticket

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/aljoharasubaie/CVE-2025-57460/blob/main/README.md

View Writeup ZIP pw:eip

Product

https://www.machsol.com/

Scores

CVSS v3 9.8

EPSS 0.0039

EPSS Percentile 30.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

machsol/machpanel 8.0.32

Published Dec 29, 2025

Tracked Since Feb 18, 2026