
CVE-2025-52130: n/a

Critical
Published: Mon Aug 25 2025 (08/25/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.

AI-Powered Analysis

Last updated: 08/25/2025, 20:03:02 UTC

Technical Analysis

CVE-2025-52130 is a file upload vulnerability identified in WebErpMesv2 version 1.17, specifically within the app/Http/Controllers/FactoryController.php controller. This vulnerability allows an authenticated attacker to upload arbitrary files, including malicious PHP scripts, to the web server. Once uploaded, these files can be accessed directly via HTTP GET requests, enabling the attacker to execute remote code on the server. The vulnerability arises from insufficient validation or sanitization of uploaded files, permitting attackers to bypass restrictions and place executable code on the server. Exploitation requires authentication, meaning the attacker must have valid credentials or have compromised an account with upload privileges. Although no public exploits are currently known in the wild, the potential for remote code execution (RCE) makes this a critical security risk. The lack of a CVSS score indicates that the vulnerability is newly published and may not yet have undergone comprehensive severity assessment. The vulnerability affects WebErpMesv2 1.17, a web-based ERP system used for enterprise resource planning, which is often critical for business operations. Attackers leveraging this flaw could gain full control over the affected server, leading to data breaches, system manipulation, or pivoting to other internal systems.

Potential Impact

For European organizations using WebErpMesv2 1.17, this vulnerability poses a significant threat to confidentiality, integrity, and availability of business-critical systems. Successful exploitation could lead to unauthorized access to sensitive financial and operational data, disruption of enterprise resource planning processes, and potential lateral movement within corporate networks. Given that ERP systems often integrate with multiple business functions, the impact could cascade, affecting supply chain management, inventory control, and financial reporting. The requirement for authentication limits exposure to some extent; however, insider threats or compromised credentials could facilitate exploitation. Additionally, the ability to execute arbitrary code remotely could allow attackers to deploy ransomware, exfiltrate data, or establish persistent backdoors. This could result in regulatory non-compliance, especially under GDPR, and cause reputational damage. The absence of known public exploits currently provides a window for mitigation before widespread attacks occur.

Mitigation Recommendations

European organizations should immediately audit their WebErpMesv2 installations to identify affected versions, particularly version 1.17. Since no official patch links are currently available, organizations should implement compensating controls such as restricting file upload permissions to the minimum necessary users and roles, enforcing strict authentication and multi-factor authentication (MFA) for all accounts with upload privileges, and monitoring upload directories for suspicious files. Web application firewalls (WAFs) should be configured to detect and block attempts to upload executable scripts or access uploaded files with suspicious extensions. Organizations should also conduct thorough logging and real-time monitoring of file upload activities and HTTP requests targeting uploaded files. Network segmentation can limit the impact of a compromised ERP server. Finally, organizations should maintain regular backups of ERP data and system configurations to enable recovery in case of compromise. Once a patch or update is released by the vendor, immediate application is critical.
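The compensating controls above (strict upload validation, sweeping the upload directory for planted scripts, and watching access logs for requests to executable files under the upload path) can be put into working code. The following is an added example written for this page; it is not code from WebErpMesv2 or from the advisory. The allowlist of accepted document types, the `/storage/uploads/` web path, the combined access-log layout and all sample files and log lines are constructed assumptions for the example.

```python
"""Defensive checks for an arbitrary-file-upload weakness: allowlist validation at
upload time, a sweep of the upload directory, and a pass over web-server access
logs. Added example; not code from WebErpMesv2 or the advisory."""
import os
import re
import tempfile
from typing import Iterable

# Extensions a typical PHP web server hands to an interpreter (constructed list).
SCRIPT_EXTENSIONS = {".php", ".phtml", ".php3", ".php5", ".phar",
                     ".cgi", ".pl", ".jsp", ".asp", ".aspx"}
# Assumed allowlist for an ERP document upload: extension -> required leading bytes.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}
# PHP open tags ("<?php" and "<?="); a bare "<?" is not matched so XML/SVG headers pass.
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
# Apache/Nginx "combined" access-log layout (assumption about the server's logging).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Allowlist check at upload time: the last extension must be a known document
    type, the content must begin with that type's magic bytes, and no PHP open tag
    may appear anywhere in the file (rejects image/PHP polyglots)."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    # Only the final extension counts: 'x.pdf.php' fails the allowlist and
    # 'x.php.pdf' fails the magic-bytes check below.
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext!r} not in allowlist"
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    if PHP_TAG.search(content):
        return False, "embedded PHP open tag"
    return True, "ok"


def scan_upload_dir(root: str) -> list[str]:
    """Sweep an upload directory: report files (as sorted paths relative to root)
    that carry a script extension or contain a PHP open tag in their first 64 KiB."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTENSIONS:
                findings.append(os.path.relpath(path, root))
                continue
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)
            if PHP_TAG.search(head):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def script_requests_in_uploads(log_lines: Iterable[str],
                               upload_prefix: str = "/storage/uploads/") -> list[dict]:
    """Flag access-log entries that request a script-type file under the upload path
    (the 'direct GET to an uploaded file' pattern the advisory describes)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if path.startswith(upload_prefix) and \
                os.path.splitext(path)[1].lower() in SCRIPT_EXTENSIONS:
            hits.append({"ip": m.group("ip"), "path": path,
                         "status": int(m.group("status"))})
    return hits


def build_sample_dir() -> str:
    """Create a throwaway upload directory with constructed files: a benign PDF,
    a plain PHP file, and a 'JPEG' that carries a PHP tag after its magic bytes."""
    root = tempfile.mkdtemp(prefix="uploads_")
    samples = {
        "invoice.pdf": b"%PDF-1.4\n%constructed benign document\n",
        "avatar.php": b"<?php echo 'constructed sample'; ?>",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"<?php echo 'constructed sample'; ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


# Constructed access-log lines; the second is the pattern a defender wants to see flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Aug/2025:10:00:01 +0000] "GET /storage/uploads/report.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [25/Aug/2025:10:00:07 +0000] "GET /storage/uploads/x.php?v=1 HTTP/1.1" 200 312 "-" "curl/8.0"',
    '10.0.0.9 - - [25/Aug/2025:10:00:09 +0000] "POST /upload HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print("validate:", validate_upload("photo.jpg", b"\xff\xd8\xff<?php"))
    print("directory sweep:", scan_upload_dir(build_sample_dir()))
    print("log hits:", script_requests_in_uploads(SAMPLE_LOG))
```

The validation step is the actual fix for this class of bug (an allowlist on the final extension plus a content check, instead of a denylist on the original filename); the sweep and the log pass are the compensating controls for an installation that cannot yet be patched. Also ensure the upload directory itself is served with script execution disabled, since the checks above detect rather than prevent execution of a file that has already been placed.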


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68acbddcad5a09ad004ef93c

Added to database: 8/25/2025, 7:47:40 PM

Last enriched: 8/25/2025, 8:03:02 PM

Last updated: 8/25/2025, 9:05:49 PM
