CVE-2025-60947 is a vulnerability classified under CWE-434, which pertains to unrestricted upload of files with dangerous types. The affected product is Census CSWeb version 8.0.1. This vulnerability allows a remote attacker who has authenticated access to the system to upload arbitrary files without proper validation or restriction on file types. Because the upload mechanism does not enforce file type restrictions, an attacker can upload malicious files such as web shells or scripts that can be executed by the server, leading to remote code execution (RCE). This compromises the confidentiality, integrity, and availability of the system. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based with low attack complexity. The vulnerability was reserved in September 2025 and published in March 2026, with a CVSS 3.1 base score of 8.8, indicating high severity. The vendor has addressed the issue in version 8.1.0 alpha, but no official patch links are provided in the data. No known exploits have been reported in the wild yet, but the potential impact is significant due to the ability to execute arbitrary code remotely.

The impact of CVE-2025-60947 is substantial for organizations using Census CSWeb 8.0.1. Successful exploitation can lead to remote code execution, allowing attackers to take full control of the affected server. This can result in data breaches, unauthorized access to sensitive information, disruption of services, and potential lateral movement within the network. Confidentiality is compromised as attackers can access or exfiltrate sensitive data. Integrity is at risk because attackers can modify or delete data or system files. Availability can be affected if attackers deploy ransomware or cause system crashes. Since authentication is required, the threat is primarily from insider threats or compromised credentials, but the ease of exploitation and high impact make it a critical concern. Organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on Census CSWeb for web services are particularly vulnerable.

To mitigate CVE-2025-60947, organizations should immediately upgrade Census CSWeb to version 8.1.0 alpha or later where the vulnerability is fixed. If upgrading is not immediately possible, implement strict file upload validation controls, including whitelisting allowed file types and scanning uploaded files for malicious content. Restrict upload permissions to the minimum necessary users and roles. Employ web application firewalls (WAFs) to detect and block suspicious file upload attempts. Monitor logs for unusual upload activity and failed authentication attempts. Use network segmentation to limit the impact of a compromised server. Regularly audit user accounts and enforce strong authentication mechanisms to reduce the risk of credential compromise. Additionally, conduct penetration testing focused on file upload functionalities to identify any residual weaknesses.