CVE-2025-70995

{"id": "CVE-2025-70995", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-05T21:16:13.977", "references": [{"url": "https://docs.arandasoft.com/asdk-api/pages/V1.9/descripcion/adjuntar_archivos.html", "source": "cve@mitre.org"}, {"url": "https://docs.arandasoft.com/asdk-v8-release-notes/assets/asdk-v8-release-notes.pdf", "source": "cve@mitre.org"}, {"url": "https://github.com/0xcronos/CVE/blob/main/CVE-2025-70995/README.md", "source": "cve@mitre.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime. The uploaded configuration file alters the execution context of the upload directory, enabling compilation and execution of attacker-controlled code (e.g., generation of an .aspx webshell). This allows remote command execution on the server without user interaction beyond authentication, impacting both On-Premise and SaaS deployments. The vendor has fixed the issue in Aranda Service Desk V8 8.30.6."}, {"lang": "es", "value": "Un problema en Aranda Service Desk Web Edition (ASDK API 8.6) permite a los atacantes autenticados ejecutar c\u00f3digo remoto debido a una validaci\u00f3n inadecuada de los archivos cargados. Un usuario autenticado puede cargar un archivo web. config creado enviando una solicitud POST creada a /ASDKAPI/api/v8.6/item/addfile, que es procesada por el tiempo de ejecuci\u00f3n de ASP.NET. El archivo de configuraci\u00f3n cargado altera el contexto de ejecuci\u00f3n del directorio de carga, lo que permite la compilaci\u00f3n y ejecuci\u00f3n de c\u00f3digo controlado por el atacante (por ejemplo, la generaci\u00f3n de un webshell .aspx). Esto permite la ejecuci\u00f3n remota de comandos en el servidor sin interacci\u00f3n del usuario m\u00e1s all\u00e1 de la autenticaci\u00f3n, lo que afecta tanto a las implementaciones locales como a las de SaaS."}], "lastModified": "2026-04-27T19:18:46.690", "sourceIdentifier": "cve@mitre.org"}