CVE-2025-10544

Description

Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

AvePoint / Compliance Guardian0 – 4.7.1
AvePoint / DocAve6.13.2 – 6.13.2
AvePoint / Perimeter1.12.3 – 1.12.3

References

MISChttps://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products