CVE-2025-5873 (GCVE-0-2025-5873)
Vulnerability from cvelistv5 – Published: 2025-06-09 10:31 – Updated: 2026-01-09 00:12
VLAI?
Title
eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload
Summary
A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eCharge Hardy Barth | Salia PLCC |
Affected:
2.3.0
Affected: 2.3.1 Affected: 2.3.2 Affected: 2.3.3 Affected: 2.3.4 Affected: 2.3.5 Affected: 2.3.6 Affected: 2.3.7 Affected: 2.3.8 Affected: 2.3.9 Affected: 2.3.10 Affected: 2.3.11 Affected: 2.3.12 Affected: 2.3.13 Affected: 2.3.14 Affected: 2.3.15 Affected: 2.3.16 Affected: 2.3.17 Affected: 2.3.18 Affected: 2.3.19 Affected: 2.3.20 Affected: 2.3.21 Affected: 2.3.22 Affected: 2.3.23 Affected: 2.3.24 Affected: 2.3.25 Affected: 2.3.26 Affected: 2.3.27 Affected: 2.3.28 Affected: 2.3.29 Affected: 2.3.30 Affected: 2.3.31 Affected: 2.3.32 Affected: 2.3.33 Affected: 2.3.34 Affected: 2.3.35 Affected: 2.3.36 Affected: 2.3.37 Affected: 2.3.38 Affected: 2.3.39 Affected: 2.3.40 Affected: 2.3.41 Affected: 2.3.42 Affected: 2.3.43 Affected: 2.3.44 Affected: 2.3.45 Affected: 2.3.46 Affected: 2.3.47 Affected: 2.3.48 Affected: 2.3.49 Affected: 2.3.50 Affected: 2.3.51 Affected: 2.3.52 Affected: 2.3.53 Affected: 2.3.54 Affected: 2.3.55 Affected: 2.3.56 Affected: 2.3.57 Affected: 2.3.58 Affected: 2.3.59 Affected: 2.3.60 Affected: 2.3.61 Affected: 2.3.62 Affected: 2.3.63 Affected: 2.3.64 Affected: 2.3.65 Affected: 2.3.66 Affected: 2.3.67 Affected: 2.3.68 Affected: 2.3.69 Affected: 2.3.70 Affected: 2.3.71 Affected: 2.3.72 Affected: 2.3.73 Affected: 2.3.74 Affected: 2.3.75 Affected: 2.3.76 Affected: 2.3.77 Affected: 2.3.78 Affected: 2.3.79 Affected: 2.3.80 Affected: 2.3.81 |
Credits
XU17 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T17:47:53.089620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T17:48:02.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web UI"
],
"product": "Salia PLCC",
"vendor": "eCharge Hardy Barth",
"versions": [
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.4"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.3.6"
},
{
"status": "affected",
"version": "2.3.7"
},
{
"status": "affected",
"version": "2.3.8"
},
{
"status": "affected",
"version": "2.3.9"
},
{
"status": "affected",
"version": "2.3.10"
},
{
"status": "affected",
"version": "2.3.11"
},
{
"status": "affected",
"version": "2.3.12"
},
{
"status": "affected",
"version": "2.3.13"
},
{
"status": "affected",
"version": "2.3.14"
},
{
"status": "affected",
"version": "2.3.15"
},
{
"status": "affected",
"version": "2.3.16"
},
{
"status": "affected",
"version": "2.3.17"
},
{
"status": "affected",
"version": "2.3.18"
},
{
"status": "affected",
"version": "2.3.19"
},
{
"status": "affected",
"version": "2.3.20"
},
{
"status": "affected",
"version": "2.3.21"
},
{
"status": "affected",
"version": "2.3.22"
},
{
"status": "affected",
"version": "2.3.23"
},
{
"status": "affected",
"version": "2.3.24"
},
{
"status": "affected",
"version": "2.3.25"
},
{
"status": "affected",
"version": "2.3.26"
},
{
"status": "affected",
"version": "2.3.27"
},
{
"status": "affected",
"version": "2.3.28"
},
{
"status": "affected",
"version": "2.3.29"
},
{
"status": "affected",
"version": "2.3.30"
},
{
"status": "affected",
"version": "2.3.31"
},
{
"status": "affected",
"version": "2.3.32"
},
{
"status": "affected",
"version": "2.3.33"
},
{
"status": "affected",
"version": "2.3.34"
},
{
"status": "affected",
"version": "2.3.35"
},
{
"status": "affected",
"version": "2.3.36"
},
{
"status": "affected",
"version": "2.3.37"
},
{
"status": "affected",
"version": "2.3.38"
},
{
"status": "affected",
"version": "2.3.39"
},
{
"status": "affected",
"version": "2.3.40"
},
{
"status": "affected",
"version": "2.3.41"
},
{
"status": "affected",
"version": "2.3.42"
},
{
"status": "affected",
"version": "2.3.43"
},
{
"status": "affected",
"version": "2.3.44"
},
{
"status": "affected",
"version": "2.3.45"
},
{
"status": "affected",
"version": "2.3.46"
},
{
"status": "affected",
"version": "2.3.47"
},
{
"status": "affected",
"version": "2.3.48"
},
{
"status": "affected",
"version": "2.3.49"
},
{
"status": "affected",
"version": "2.3.50"
},
{
"status": "affected",
"version": "2.3.51"
},
{
"status": "affected",
"version": "2.3.52"
},
{
"status": "affected",
"version": "2.3.53"
},
{
"status": "affected",
"version": "2.3.54"
},
{
"status": "affected",
"version": "2.3.55"
},
{
"status": "affected",
"version": "2.3.56"
},
{
"status": "affected",
"version": "2.3.57"
},
{
"status": "affected",
"version": "2.3.58"
},
{
"status": "affected",
"version": "2.3.59"
},
{
"status": "affected",
"version": "2.3.60"
},
{
"status": "affected",
"version": "2.3.61"
},
{
"status": "affected",
"version": "2.3.62"
},
{
"status": "affected",
"version": "2.3.63"
},
{
"status": "affected",
"version": "2.3.64"
},
{
"status": "affected",
"version": "2.3.65"
},
{
"status": "affected",
"version": "2.3.66"
},
{
"status": "affected",
"version": "2.3.67"
},
{
"status": "affected",
"version": "2.3.68"
},
{
"status": "affected",
"version": "2.3.69"
},
{
"status": "affected",
"version": "2.3.70"
},
{
"status": "affected",
"version": "2.3.71"
},
{
"status": "affected",
"version": "2.3.72"
},
{
"status": "affected",
"version": "2.3.73"
},
{
"status": "affected",
"version": "2.3.74"
},
{
"status": "affected",
"version": "2.3.75"
},
{
"status": "affected",
"version": "2.3.76"
},
{
"status": "affected",
"version": "2.3.77"
},
{
"status": "affected",
"version": "2.3.78"
},
{
"status": "affected",
"version": "2.3.79"
},
{
"status": "affected",
"version": "2.3.80"
},
{
"status": "affected",
"version": "2.3.81"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XU17 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T00:12:30.422Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311632 | eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311632"
},
{
"name": "VDB-311632 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311632"
},
{
"name": "Submit #585733 | Salia PLCC Salia PLCC Slave v2.2.0",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.585733"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/YZS17/CVE/blob/main/Salia_PLCC/Salia_PLCC_Slave_v2.2.0_File_Upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-09T01:16:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5873",
"datePublished": "2025-06-09T10:31:04.727Z",
"dateReserved": "2025-06-08T17:49:54.645Z",
"dateUpdated": "2026-01-09T00:12:30.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-5873\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-06-09T11:15:22.240\",\"lastModified\":\"2026-01-09T01:15:42.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en eCharge Hardy Barth Salia PLCC 2.2.0. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /firmware.php del componente Web UI. La manipulaci\u00f3n del argumento \\\"media\\\" permite la carga sin restricciones. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/Salia_PLCC_Slave_v2.2.0_File_Upload.md\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.311632\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.311632\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.585733\",\"source\":\"cna@vuldb.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5873\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T17:47:53.089620Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-09T17:47:58.237Z\"}}], \"cna\": {\"title\": \"eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"XU17 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 6.5, \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"eCharge Hardy Barth\", \"modules\": [\"Web UI\"], \"product\": \"Salia PLCC\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.3.0\"}, {\"status\": \"affected\", \"version\": \"2.3.1\"}, {\"status\": \"affected\", \"version\": \"2.3.2\"}, {\"status\": \"affected\", \"version\": \"2.3.3\"}, {\"status\": \"affected\", \"version\": \"2.3.4\"}, {\"status\": \"affected\", \"version\": \"2.3.5\"}, {\"status\": \"affected\", \"version\": \"2.3.6\"}, {\"status\": \"affected\", \"version\": \"2.3.7\"}, {\"status\": \"affected\", \"version\": \"2.3.8\"}, {\"status\": \"affected\", \"version\": \"2.3.9\"}, {\"status\": \"affected\", \"version\": \"2.3.10\"}, {\"status\": \"affected\", \"version\": \"2.3.11\"}, {\"status\": \"affected\", \"version\": \"2.3.12\"}, {\"status\": \"affected\", \"version\": \"2.3.13\"}, {\"status\": \"affected\", \"version\": \"2.3.14\"}, {\"status\": \"affected\", \"version\": \"2.3.15\"}, {\"status\": \"affected\", \"version\": \"2.3.16\"}, {\"status\": \"affected\", \"version\": \"2.3.17\"}, {\"status\": \"affected\", \"version\": \"2.3.18\"}, {\"status\": \"affected\", \"version\": \"2.3.19\"}, {\"status\": \"affected\", \"version\": \"2.3.20\"}, {\"status\": \"affected\", \"version\": \"2.3.21\"}, {\"status\": \"affected\", \"version\": \"2.3.22\"}, {\"status\": \"affected\", \"version\": \"2.3.23\"}, {\"status\": \"affected\", \"version\": \"2.3.24\"}, {\"status\": \"affected\", \"version\": \"2.3.25\"}, {\"status\": \"affected\", \"version\": \"2.3.26\"}, {\"status\": \"affected\", \"version\": \"2.3.27\"}, {\"status\": \"affected\", \"version\": \"2.3.28\"}, {\"status\": \"affected\", \"version\": \"2.3.29\"}, {\"status\": \"affected\", \"version\": \"2.3.30\"}, {\"status\": \"affected\", \"version\": \"2.3.31\"}, {\"status\": \"affected\", \"version\": \"2.3.32\"}, {\"status\": \"affected\", \"version\": \"2.3.33\"}, {\"status\": \"affected\", \"version\": \"2.3.34\"}, {\"status\": \"affected\", \"version\": \"2.3.35\"}, {\"status\": \"affected\", \"version\": \"2.3.36\"}, {\"status\": \"affected\", \"version\": \"2.3.37\"}, {\"status\": \"affected\", \"version\": \"2.3.38\"}, {\"status\": \"affected\", \"version\": \"2.3.39\"}, {\"status\": \"affected\", \"version\": \"2.3.40\"}, {\"status\": \"affected\", \"version\": \"2.3.41\"}, {\"status\": \"affected\", \"version\": \"2.3.42\"}, {\"status\": \"affected\", \"version\": \"2.3.43\"}, {\"status\": \"affected\", \"version\": \"2.3.44\"}, {\"status\": \"affected\", \"version\": \"2.3.45\"}, {\"status\": \"affected\", \"version\": \"2.3.46\"}, {\"status\": \"affected\", \"version\": \"2.3.47\"}, {\"status\": \"affected\", \"version\": \"2.3.48\"}, {\"status\": \"affected\", \"version\": \"2.3.49\"}, {\"status\": \"affected\", \"version\": \"2.3.50\"}, {\"status\": \"affected\", \"version\": \"2.3.51\"}, {\"status\": \"affected\", \"version\": \"2.3.52\"}, {\"status\": \"affected\", \"version\": \"2.3.53\"}, {\"status\": \"affected\", \"version\": \"2.3.54\"}, {\"status\": \"affected\", \"version\": \"2.3.55\"}, {\"status\": \"affected\", \"version\": \"2.3.56\"}, {\"status\": \"affected\", \"version\": \"2.3.57\"}, {\"status\": \"affected\", \"version\": \"2.3.58\"}, {\"status\": \"affected\", \"version\": \"2.3.59\"}, {\"status\": \"affected\", \"version\": \"2.3.60\"}, {\"status\": \"affected\", \"version\": \"2.3.61\"}, {\"status\": \"affected\", \"version\": \"2.3.62\"}, {\"status\": \"affected\", \"version\": \"2.3.63\"}, {\"status\": \"affected\", \"version\": \"2.3.64\"}, {\"status\": \"affected\", \"version\": \"2.3.65\"}, {\"status\": \"affected\", \"version\": \"2.3.66\"}, {\"status\": \"affected\", \"version\": \"2.3.67\"}, {\"status\": \"affected\", \"version\": \"2.3.68\"}, {\"status\": \"affected\", \"version\": \"2.3.69\"}, {\"status\": \"affected\", \"version\": \"2.3.70\"}, {\"status\": \"affected\", \"version\": \"2.3.71\"}, {\"status\": \"affected\", \"version\": \"2.3.72\"}, {\"status\": \"affected\", \"version\": \"2.3.73\"}, {\"status\": \"affected\", \"version\": \"2.3.74\"}, {\"status\": \"affected\", \"version\": \"2.3.75\"}, {\"status\": \"affected\", \"version\": \"2.3.76\"}, {\"status\": \"affected\", \"version\": \"2.3.77\"}, {\"status\": \"affected\", \"version\": \"2.3.78\"}, {\"status\": \"affected\", \"version\": \"2.3.79\"}, {\"status\": \"affected\", \"version\": \"2.3.80\"}, {\"status\": \"affected\", \"version\": \"2.3.81\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-08T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-06-08T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-01-09T01:16:18.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.311632\", \"name\": \"VDB-311632 | eCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted upload\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.311632\", \"name\": \"VDB-311632 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.585733\", \"name\": \"Submit #585733 | Salia PLCC Salia PLCC Slave v2.2.0\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/YZS17/CVE/blob/main/Salia_PLCC/Salia_PLCC_Slave_v2.2.0_File_Upload.md\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. Affected by this issue is some unknown functionality of the file /firmware.php of the component Web UI. Performing a manipulation of the argument media results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"Unrestricted Upload\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper Access Controls\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-01-09T00:12:30.422Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-5873\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-09T00:12:30.422Z\", \"dateReserved\": \"2025-06-08T17:49:54.645Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-06-09T10:31:04.727Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…