CVE-2025-57794

CRITICAL

Explorance Blue < 8.14.9 - Unrestricted File Upload

Title source: rule

Description

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.

References (4)

[Product] https://www.explorance.com/products/blue

[Vendor Advisory] https://online-help.explorance.com/blue/articles/security-advisories-(january-2026)

[Vendor Advisory] https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794

[Third Party Advisory] https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0039

EPSS Percentile 60.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

explorance/blue < 8.14.9

Published Jan 28, 2026

Tracked Since Feb 18, 2026