E
xplorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.
References
| Link | Resource |
|---|---|
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md | Third Party Advisory |
| https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) | Vendor Advisory |
| https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794 | Vendor Advisory |
| https://www.explorance.com/products/blue | Product |
Configurations
History
05 Feb 2026, 16:59
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:explorance:blue:*:*:*:*:*:*:*:* | |
| References | () https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0003.md - Third Party Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisories-(january-2026) - Vendor Advisory | |
| References | () https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57794 - Vendor Advisory | |
| References | () https://www.explorance.com/products/blue - Product | |
| First Time |
Explorance blue
Explorance |
28 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
28 Jan 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-28 18:16
Updated : 2026-02-05 16:59
NVD link : CVE-2025-57794
Mitre link : CVE-2025-57794
CVE.ORG link : CVE-2025-57794
JSON object : View
Products Affected
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type