The vulnerability identified as CVE-2025-32291 in FantasticPlugins SUMO Affiliates Pro permits attackers to upload files of dangerous types without restriction. This unrestricted file upload can be exploited to execute malicious code or otherwise compromise the affected system. The issue affects all versions before 11.1.0. The CVSS 3.1 base score is 10.0, reflecting a critical severity with network attack vector, no required privileges or user interaction, and complete impact on confidentiality, integrity, and availability. No official patch or mitigation details have been provided by the vendor yet.

Successful exploitation of this vulnerability allows an unauthenticated attacker to upload malicious files to the server running SUMO Affiliates Pro, potentially leading to full system compromise including data theft, data modification, and service disruption. The critical CVSS score reflects the high risk and potential for severe impact on affected systems.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict file upload permissions, implement strict file type validation, and monitor for suspicious upload activity as interim mitigations.