{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T22:44:37.952","vulnerabilities":[{"cve":{"id":"CVE-2025-28168","sourceIdentifier":"cve@mitre.org","published":"2025-05-05T14:15:28.500","lastModified":"2025-09-30T17:01:40.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems."},{"lang":"es","value":"La versión anterior a la 3.1.0 de Outsystems Multiple File Upload es vulnerable a la carga de archivos sin restricciones. Esta vulnerabilidad se debe a que las validaciones de extensión y tamaño de archivo se aplican únicamente en el lado del cliente. Un atacante puede interceptar la solicitud de carga y modificar el parámetro para eludir las restricciones de extensión y cargar archivos arbitrarios."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-602"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:multiple_file_upload_project:multiple_file_upload:3.1.0:*:*:*:*:outsystems:*:*","matchCriteriaId":"7FC6134C-BD60-43D3-A3C7-C2FB4740B03D"}]}]}],"references":[{"url":"https://gist.github.com/IamLeandrooooo/01090be3023f5e7c7397bb9b1f5505b9","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.outsystems.com/forge/component-overview/200/multiple-file-upload-o11","source":"cve@mitre.org","tags":["Product"]}]}}]}