Strix
26.1K

CVE-2025-57642

HIGHCVSS 7.2/10EPSS 1.48%

Last modified

CVE-2025-57642 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.. EPSS estimates a 1.48% chance of exploitation in the next 30 days.

Description

A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.48%

70.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SohamjuhinTourism Management System2.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-57642?
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.
How severe is CVE-2025-57642?
CVE-2025-57642 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.48% probability of exploitation in the next 30 days.
How do I fix CVE-2025-57642?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-57642?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST