CVE-2025-24775: Unrestricted Upload of File with Dangerous Type in Made I.T. Forms
An Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms (forms-by-made-it) allows uploading a web shell to a web server. This issue affects Forms: from n/a through <= 2.9.0.
AI Analysis
Technical Summary
This vulnerability in Made I.T. Forms (<= 2.9.0) allows an attacker with low privileges, and without any user interaction, to upload files of dangerous types, such as web shells, to the web server. This unrestricted file upload can lead to full system compromise, including complete loss of confidentiality, integrity, and availability. The CVSS 3.1 vector indicates a network attack vector, low attack complexity, low privileges required, no user interaction, and a scope change, with high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker to upload and execute arbitrary code on the web server, resulting in full system compromise. This includes the ability to steal sensitive data, modify or delete data, and disrupt service availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict file upload permissions, implement strict file type validation, and monitor for suspicious file uploads as temporary mitigations.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-01-23T14:53:25.027Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 689dbee0ad5a09ad0059e559
Added to database: 8/14/2025, 10:48:00 AM
Last enriched: 5/1/2026, 9:39:15 AM
Last updated: 5/9/2026, 10:57:13 PM