CVE-2025-15423: Unrestricted Upload in EmpireSoft EmpireCMS
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-15423 is a vulnerability identified in EmpireSoft's EmpireCMS content management system, specifically affecting version 8.0. The issue resides in the CheckSaveTranFiletype function within the e/class/connect.php file, which is responsible for validating uploaded file types. Due to insufficient validation or improper handling, this function allows attackers to bypass restrictions and upload arbitrary files to the server. The vulnerability can be exploited remotely without requiring authentication or user interaction, making it accessible to unauthenticated attackers over the network. The unrestricted upload capability can be leveraged to place malicious scripts or web shells, potentially enabling remote code execution, data theft, or further system compromise. The vendor was notified early but has not issued any patches or advisories, and the exploit details have been publicly disclosed, increasing the risk of exploitation. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and limited impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). No known exploits are currently active in the wild, but the public disclosure heightens the threat landscape. The vulnerability affects only EmpireCMS version 8.0, which is used primarily in certain regional markets and industries relying on this CMS platform.
Potential Impact
The unrestricted file upload vulnerability in EmpireCMS 8.0 can have significant impacts on affected organizations. Attackers can upload malicious files such as web shells, backdoors, or malware, which can lead to remote code execution, unauthorized access, data exfiltration, and defacement of websites. This compromises the confidentiality, integrity, and availability of the affected systems. Since the vulnerability requires no authentication and no user interaction, it lowers the barrier for exploitation, increasing the risk of automated attacks and mass scanning. Organizations relying on EmpireCMS for web content management may face service disruptions, reputational damage, and potential regulatory consequences if sensitive data is exposed. The lack of vendor response and absence of patches further exacerbate the risk, forcing organizations to rely on mitigations or alternative protective measures. While no active exploits are currently reported, the public disclosure may lead to future exploitation attempts, especially targeting organizations in sectors with high-value web assets or sensitive information.
Mitigation Recommendations
Given the absence of official patches from the vendor, organizations should implement immediate compensating controls to mitigate the risk. These include:
1) Restricting file upload functionality by disabling or limiting it to trusted users only;
2) Implementing strict server-side validation and filtering of uploaded files, including checking MIME types, file extensions, and scanning for malicious content;
3) Employing web application firewalls (WAFs) with custom rules to detect and block suspicious upload attempts targeting the vulnerable function;
4) Isolating the CMS environment in a segmented network zone with limited access to critical backend systems;
5) Monitoring logs and network traffic for unusual upload activity or web shell indicators;
6) Regularly backing up website data and configurations to enable recovery in case of compromise;
7) Considering migration to alternative CMS platforms or earlier versions without this vulnerability if feasible; and
8) Engaging with security researchers or third-party vendors for custom patches or virtual patching until an official fix is available.
Organizations should also prepare incident response plans specific to web server compromises.
Affected Countries
China, India, Russia, United States, Brazil, Indonesia, Vietnam, Turkey, Iran, Egypt
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-01T11:09:50.733Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695843a1db813ff03e04a595
Added to database: 1/2/2026, 10:16:01 PM
Last enriched: 2/23/2026, 11:00:40 PM
Last updated: 3/26/2026, 10:22:49 AM