CVE-2025-11020

high

Description

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

References

https://www.markany.com/enterprisesecurity?utm_campaign=markany_sa&utm_source=google_pc&utm_medium=gsa_pc&utm_term=cybersecurity&utm_content=&gad_source=1&gad_campaignid=21853187406&gbraid=0AAAAADOrb0lM8ZHyDytvnVwj9T--km9aM&gclid=Cj0KCQjwovPGBhDxARIsAFhgkwSh0F9hnsAoRTS8OnFI3KcF4_UMarYchq0uP5V1DiSQyKKVLdZPJNYaAiBuEALw_wcB

Details

Source: Mitre, NVD

Published: 2025-10-02

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Severity: High

EPSS

EPSS: 0.00022