CVE-2025-7917

High CVSS 7.2

Overview

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CWE: CWE-434 Published: 2025-07-21T06:15:28.997

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.2 (HIGH)
Detected tags: rce, upload (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.
Restrict types/MIME, store outside web root, inspect content.

Overview

Recommended tools

Tags