Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.
References
| Link | Resource |
|---|---|
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md | Third Party Advisory |
| https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) | Vendor Advisory |
| https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794 | Vendor Advisory |
| https://www.explorance.com/products/blue | Product |
Configurations
History
05 Feb 2026, 16:59
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:explorance:blue:*:*:*:*:*:*:*:* | |
| References | () https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md - Third Party Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) - Vendor Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794 - Vendor Advisory | |
| References | () https://www.explorance.com/products/blue - Product | |
| First Time |
Explorance
Explorance blue |
28 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
28 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-28 18:16
Updated : 2026-02-05 16:59
NVD link : CVE-2025-57794
Mitre link : CVE-2025-57794
CVE.ORG link : CVE-2025-57794
JSON object : View
Products Affected
explorance
- blue
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type