CVE-2025-59872
Last modified
CVE-2025-59872 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution on the server by uploading a web shell, a file that allows execution of arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the webroot, and the server must be configured to execute the code. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, it may be possible to obtain command execution on the server by uploading a web shell, a file that allows execution of arbitrary code or operating system commands. For this attack to be successful, the file needs to be uploaded inside the webroot, and the server must be configured to execute the code.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hcltech | Zie For Web | 16.0 |
References
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
