{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T18:56:02.387","vulnerabilities":[{"cve":{"id":"CVE-2025-9060","sourceIdentifier":"vulnerability@kaspersky.com","published":"2025-08-15T17:15:34.887","lastModified":"2026-06-17T10:08:14.667","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in the  MSoft MFlash\n\n application that allows \nexecution of arbitrary code on the server. The issue occurs in the \nintegration configuration functionality that is only available to \nMFlash\n\n\n administrators. The vulnerability is related to insufficient validation\n of parameters when setting up security components.\n\nThis issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above."},{"lang":"es","value":"Se ha detectado una vulnerabilidad en la aplicación MSoft MFlash que permite la ejecución de código arbitrario en el servidor. El problema se produce en la función de configuración de integración, disponible únicamente para los administradores de MFlash. La vulnerabilidad se relaciona con una validación insuficiente de los parámetros al configurar los componentes de seguridad. Este problema afecta a MFlash v. 8.0 y posiblemente a otras versiones. Para mitigarlo, aplique la revisión 8.2-653 11.06.2025 y posteriores."}],"affected":[{"source":"vulnerability@kaspersky.com","affectedData":[{"vendor":"MSoft","product":"MFlash","defaultStatus":"unknown","versions":[{"version":"8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerability@kaspersky.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-15T17:51:40.064538Z","id":"CVE-2025-9060","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerability@kaspersky.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/klsecservices/Advisories/blob/master/K-MSoft-2025-002.md","source":"vulnerability@kaspersky.com"}]}}]}