- Description
- In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code, allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated with a valid user account.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- secalert@redhat.com
- CWE-94
- Hype score
- Not currently trending
🚨 CVE-2025-1782 ⚠️🔴 CRITICAL (9.9) 🏢 Unknown Vendor - HylaFAX Enterprise Web Interface 🏗️ 0 🔗 https://t.co/WV0WlBPUSU #CyberCron #VulnAlert #InfoSec https://t.co/gg8pc0wnMM
@cybercronai
16 Apr 2025
CVE-2025-1782 - HylaFAX Enterprise Web Interface and AvantFAX - HIGH 🚨 🗓️ Date published 2025-04-14 19:15:36 UTC #HylaFAXEnterpriseWebInterfaceandAvantFAX #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/i0LOTNd3IK
@vulns_space
14 Apr 2025
[CVE-2025-1782: CRITICAL] Vulnerability alert: Unsanitized form element in HylaFAX Web Interface & AvantFAX can lead to arbitrary file inclusion & potential server takeover by authenticated attackers. #cybersecurity, #vulnerability https://t.co/Fw6gu0rBw9 https://t.co/AoQ5I
@CveFindCom
14 Apr 2025
CVE-2025-1782 In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file… https://t.co/q5fLujquVv
@CVEnew
14 Apr 2025