he E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP (a ZIP containing another ZIP) where the inner archive contains an executable file (e.g. webshell.php). When the application extracts the uploaded archives, the executable may be extracted into a web-accessible directory. This can lead to remote code execution (RCE), data disclosure, account compromise, or further system compromise depending on the web server/process privileges. The issue arises from insufficient validation of archive contents and inadequate restrictions on extraction targets.
| Link | Resource |
|---|---|
| https://github.com/Bidon47/CVE-2025-65806/blob/main/CVE-2025-65806.md | Exploit Third Party Advisory |
| https://www.e-point.pl/produkty/e-point-cms | Product |
05 Jan 2026, 19:29
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
E-point
E-point e-point Cms |
|
| CPE | cpe:2.3:a:e-point:e-point_cms:eagle.gsam-1169.1:*:*:*:*:*:*:* | |
| References | () https://github.com/Bidon47/CVE-2025-65806/blob/main/CVE-2025-65806.md - Exploit, Third Party Advisory | |
| References | () https://www.e-point.pl/produkty/e-point-cms - Product |
08 Dec 2025, 18:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Published : 2025-12-04 20:16
Updated : 2026-01-05 19:29
NVD link : CVE-2025-65806
Mitre link : CVE-2025-65806
CVE.ORG link : CVE-2025-65806
JSON object : View
Unrestricted Upload of File with Dangerous Type