CVE-2024-46625 is a high-severity vulnerability identified in InfoDom Performa 365 version 4.0.1, specifically targeting the /documentCache/upload endpoint. This endpoint improperly handles file uploads, allowing authenticated users to upload arbitrary files without sufficient validation. The vulnerability exploits the handling of SVG (Scalable Vector Graphics) files, which can contain embedded scripts or malicious payloads. By uploading a crafted SVG file, an attacker can trigger arbitrary code execution on the server hosting the application. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and has a CVSS 3.1 base score of 8.8, indicating a high impact on confidentiality, integrity, and availability. The attack vector is network-based, requiring low attack complexity and privileges (authenticated user), with no user interaction needed. The scope remains unchanged, meaning the vulnerability affects the vulnerable component without extending beyond it. Although no public exploits have been reported yet, the potential for remote code execution makes this a critical risk for affected organizations. The lack of available patches at the time of publication necessitates immediate mitigation efforts.

Successful exploitation of CVE-2024-46625 can lead to complete compromise of the affected InfoDom Performa 365 server. Attackers can execute arbitrary code, potentially gaining unauthorized access to sensitive data, modifying or deleting files, disrupting service availability, or using the compromised server as a pivot point for further network intrusion. This can result in data breaches, operational downtime, and reputational damage. Since the vulnerability requires authentication, insider threats or compromised credentials increase risk. Organizations relying on InfoDom Performa 365 for document management or business processes face significant operational and security risks if this vulnerability is exploited.

Organizations should immediately restrict access to the /documentCache/upload endpoint to trusted users and monitor for suspicious upload activity. Implement strict input validation and file type restrictions on uploaded files, explicitly disallowing SVG files or sanitizing their content to remove embedded scripts. Employ application-layer firewalls or intrusion detection systems to detect anomalous file uploads. Rotate and enforce strong authentication credentials to reduce risk from compromised accounts. Until an official patch is released, consider isolating the affected application server from critical network segments to limit potential lateral movement. Regularly audit logs for unauthorized upload attempts and anomalous behavior. Engage with InfoDom for timely patch deployment once available and test updates in a controlled environment before production rollout.