1 vulnerability by academico-sis
CVE-2025-10763 (GCVE-0-2025-10763)
Vulnerability from cvelistv5 – Published: 2025-09-21 05:02 – Updated: 2025-09-22 14:04
Title
academico-sis academico Profile Picture edit-photo unrestricted upload
Summary
A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, no version details for affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.325118 | vdb-entry |
| https://vuldb.com/?ctiid.325118 | signature, permissions-required |
| https://vuldb.com/?submit.646915 | third-party-advisory |
| https://gist.github.com/KhanMarshaI/86d0c1553355b… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| academico-sis | academico | Affected: d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab | |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10763",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T14:04:17.936976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T14:04:29.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Profile Picture Handler"
],
"product": "academico",
"vendor": "academico-sis",
"versions": [
{
"status": "affected",
"version": "d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "KhanMarshal (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In academico-sis academico bis d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /edit-photo der Komponente Profile Picture Handler. Durch Beeinflussen mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Dieses Produkt verwendet ein Rolling-Release-Modell, um eine kontinuierliche Auslieferung zu gew\u00e4hrleisten. Daher sind keine Versionsdetails f\u00fcr betroffene oder aktualisierte Releases verf\u00fcgbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-21T05:02:05.454Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325118 | academico-sis academico Profile Picture edit-photo unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.325118"
},
{
"name": "VDB-325118 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325118"
},
{
"name": "Submit #646915 | academico-sis academico OSS Current Unrestricted File Upload to RCE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.646915"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/KhanMarshaI/86d0c1553355bb168084fffbdb6e7fea"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-20T09:31:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "academico-sis academico Profile Picture edit-photo unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10763",
"datePublished": "2025-09-21T05:02:05.454Z",
"dateReserved": "2025-09-20T07:25:53.597Z",
"dateUpdated": "2025-09-22T14:04:29.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}