
CVE-2025-13949: Unrestricted Upload in ProudMuBai GoFilm

Severity: Medium
Published: Wed Dec 03 2025 (12/03/2025, 14:32:09 UTC)
Source: CVE Database V5
Vendor/Project: ProudMuBai
Product: GoFilm

Description

A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 12/03/2025, 14:53:30 UTC

Technical Analysis

CVE-2025-13949 affects ProudMuBai GoFilm versions 1.0.0 and 1.0.1, specifically the SingleUpload function in /server/controller/FileController.go. The File argument is not adequately validated or restricted, so an attacker can upload arbitrary files. The upload can be triggered remotely over the network without user interaction, but the attacker needs low privileges (PR:L). Confidentiality, integrity, and availability are each affected to a limited extent: an attacker could upload malicious files such as web shells, malware, or unauthorized content, which could lead to further system compromise or data leakage. The CVSS 4.0 base score is 5.3 (medium severity). The vendor ProudMuBai was contacted early but has not responded or released a patch. Exploit code is publicly available, although no exploitation in the wild is currently known; public disclosure together with available exploit code increases the risk of future exploitation, and the lack of a patch means users must mitigate proactively. The scope is limited to the GoFilm application and does not extend beyond it.

Potential Impact

For European organizations, the unrestricted upload vulnerability in GoFilm could lead to unauthorized file uploads that enable attackers to deploy malicious payloads such as web shells or ransomware, potentially compromising sensitive media content or internal systems. This could result in data breaches, service disruptions, or reputational damage, especially for companies relying on GoFilm for digital asset management or media production. The medium severity indicates a moderate risk, but the absence of patches and vendor support increases exposure. Organizations in sectors like media, entertainment, and digital content creation are particularly at risk. Additionally, if attackers leverage this vulnerability as an initial foothold, it could facilitate lateral movement within networks, escalating the impact. The vulnerability's remote exploitability without user interaction makes it a viable target for automated attacks, increasing the likelihood of exploitation if unmitigated.

Mitigation Recommendations

Since no official patches or vendor responses are available, European organizations should implement compensating controls immediately. These include restricting network access to the GoFilm application to trusted IP addresses and internal networks only, employing web application firewalls (WAFs) to detect and block suspicious file upload attempts, and implementing strict file type and size validation at the proxy or application gateway level. Monitoring and logging all file upload activities with alerting on anomalous behavior can help detect exploitation attempts early. Additionally, organizations should conduct regular security assessments and penetration tests focused on file upload functionalities. If possible, isolate the GoFilm application in a segmented network zone with limited privileges to minimize potential damage. Organizations should also consider disabling or restricting the SingleUpload function if it is not essential. Finally, maintain up-to-date backups of critical data to enable recovery in case of compromise.
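The upload-side validation the recommendations above call for (size limit, extension allowlist, content sniffing and traversal-safe naming), written as an added Go example. This is not GoFilm's code; the function name, size cap and allowed types are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"path/filepath"
	"strings"
)

// Hypothetical upload guard for illustration; names and limits are assumptions,
// not GoFilm's own code.
const maxUploadBytes = 10 << 20 // 10 MiB cap chosen for the example
// allowedTypes maps each permitted extension to the MIME type the bytes must sniff as.
var allowedTypes = map[string]string{
	".png": "image/png", ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".gif": "image/gif",
}

var (
	errTooLarge   = errors.New("upload empty or exceeds size limit")
	errBadName    = errors.New("rejected file name")
	errBadType    = errors.New("extension not allowed")
	errMismatched = errors.New("content does not match declared extension")
)

// validateUpload runs the size, name and type checks before any byte is written;
// the caller should still store the file under a server-generated name outside the web root.
func validateUpload(name string, data []byte) error {
	if len(data) == 0 || len(data) > maxUploadBytes {
		return errTooLarge
	}
	// Keep only the base name so traversal segments cannot escape the upload dir.
	base := filepath.Base(strings.ReplaceAll(name, "\\", "/"))
	if base == "." || base == "/" || strings.HasPrefix(base, ".") {
		return errBadName
	}
	want, ok := allowedTypes[strings.ToLower(filepath.Ext(base))]
	if !ok {
		return errBadType // extension allowlist, never a denylist
	}
	// Sniff the leading bytes: the extension alone is attacker-controlled.
	if got := http.DetectContentType(data); !strings.HasPrefix(got, want) {
		return fmt.Errorf("%w: sniffed %s", errMismatched, got)
	}
	return nil
}

func main() {
	fmt.Println(validateUpload("shell.png", []byte("<?php echo 1; ?>")))
}
```

The same checks can be mirrored at a proxy or gateway, but the application-level check is the one that holds when the proxy is bypassed.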


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-03T09:36:53.457Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69304b991f9e797ee289a5c9

Added to database: 12/3/2025, 2:39:21 PM

Last enriched: 12/3/2025, 2:53:30 PM

Last updated: 12/4/2025, 6:36:59 PM

