CVE-2025-49447 is an unrestricted file upload vulnerability (CWE-434) in Fastw3b LLC's FW Food Menu software versions up to 6.0.0. It allows attackers to upload files of dangerous types without restriction, which can be used to execute malicious code or compromise the system. The vulnerability has a critical CVSS score of 10.0, reflecting its high impact and ease of exploitation over the network without authentication or user interaction. No patch or official fix information is currently provided by the vendor, and the product is not a cloud service, so remediation depends on vendor updates.

Successful exploitation of this vulnerability can lead to full system compromise, including unauthorized disclosure of information, modification or destruction of data, and disruption of service. The CVSS vector indicates that the attack can be performed remotely without any privileges or user interaction, making it highly dangerous. No known exploits are reported in the wild yet.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix is currently available, users should exercise caution with file uploads and consider implementing temporary controls such as restricting allowed file types, scanning uploaded files for malware, or disabling file upload functionality if feasible until a vendor fix is released.