CVE-2025-52130 is a file upload vulnerability identified in WebErpMesv2 version 1.17, specifically within the app/Http/Controllers/FactoryController.php controller. This vulnerability allows an authenticated attacker to upload arbitrary files, including potentially malicious PHP scripts. Once uploaded, these files can be accessed directly via HTTP GET requests, which may lead to remote code execution (RCE) on the affected web server. The vulnerability is categorized under CWE-616, which relates to improper restriction of file upload capabilities. The CVSS v3.1 base score is 5.4, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N) suggests that the attack can be performed remotely over the network with low attack complexity, requires no privileges but does require user interaction (authentication), and impacts confidentiality and integrity to a limited extent without affecting availability. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability arises because the application does not properly validate or restrict the types of files that authenticated users can upload, enabling the possibility of uploading executable scripts that can be triggered remotely, potentially compromising the server and underlying infrastructure.

For European organizations using WebErpMesv2 1.17, this vulnerability poses a significant risk to the confidentiality and integrity of their enterprise resource planning (ERP) systems. Successful exploitation could allow attackers to execute arbitrary code on the web server, leading to unauthorized access to sensitive business data, manipulation of manufacturing or factory control processes, and potential lateral movement within the network. Given that ERP systems often integrate with critical business functions such as supply chain, inventory, and production management, an attacker could disrupt operations or exfiltrate intellectual property. Although availability impact is rated low, the indirect consequences of data breaches or operational disruptions could be severe. The requirement for authentication limits exposure to internal or compromised users, but social engineering or credential theft could facilitate exploitation. European organizations must consider the regulatory implications under GDPR if personal or sensitive data is involved, as well as the reputational damage from such breaches.

To mitigate this vulnerability, European organizations should implement strict file upload validation controls within WebErpMesv2, including whitelisting allowed file types and enforcing server-side checks to reject executable scripts or files with dangerous extensions. Immediate steps include restricting upload directories to non-executable locations and disabling direct HTTP access to uploaded files where possible. Employing web application firewalls (WAFs) with rules to detect and block suspicious file upload attempts can provide additional protection. Organizations should enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. Regular monitoring of web server logs for unusual file uploads or access patterns is advised. Since no official patch is currently available, organizations should engage with the vendor for updates and consider temporary compensating controls such as isolating the affected application environment or limiting user upload privileges. Conducting security awareness training to prevent credential theft and phishing attacks will also reduce exploitation likelihood.