CVE-2025-5243

CRITICAL 10.0

Arbitrary File Upload in SMG Software's Information Portal

CVSS Score

10.0

EPSS Score

2.2%

EPSS Percentile

85th

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information Portal: before 13.06.2025.

CWE	CWE-434 CWE-78
Vendor	smg software
Product	information portal
Published	Jul 24, 2025
Last Updated	Jun 5, 2026

Stay Ahead of the Next One

Get instant alerts for smg software information portal

Be the first to know when new critical vulnerabilities affecting smg software information portal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

SMG Software / Information Portal

0 < 13.06.2025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0174 siberguvenlik.gov.tr: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0174

Credits

Ersin ERENLER NSC Informatics Inc.