CVE-2025-66837

MEDIUM

ARIS < 10.0.23.0.3587512 - Remote Code Execution via Crafted PDF Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66837. PoCs published by saykino.

AI-analyzed exploit summary The repository contains a README describing CVE-2025-66837, a file upload vulnerability in ARIS software allowing arbitrary code execution via crafted PDF files. No exploit code is provided, only vulnerability details and mitigations.

Description

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware

Exploits (1)

nomisec WRITEUP

by saykino · poc

https://github.com/saykino/CVE-2025-66837

View Code ZIP pw:eip

The repository contains a README describing CVE-2025-66837, a file upload vulnerability in ARIS software allowing arbitrary code execution via crafted PDF files. No exploit code is provided, only vulnerability details and mitigations.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: ARIS versions before 10.0.23.0.3587512

Auth required

Prerequisites: Authenticated access to ARIS · Ability to upload files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/saykino/CVE-2025-66837/

View Writeup ZIP pw:eip

Product

https://www.softwareag.com/

Scores

CVSS v3 6.8

EPSS 0.0025

EPSS Percentile 16.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

softwareag/aris < 10.0.23.0.3587512

Published Jan 07, 2026

Tracked Since Feb 18, 2026