CVE-2025-60947: CWE-434 Unrestricted Upload of File with Dangerous Type in Census CSWeb
CVE-2025-60947 is a high-severity vulnerability in Census CSWeb version 8.0.1 that allows authenticated remote attackers to upload arbitrary files without proper restrictions. This unrestricted file upload flaw (CWE-434) can lead to remote code execution, compromising confidentiality, integrity, and availability of affected systems. The vulnerability requires authentication but no user interaction beyond that. It has a CVSS score of 8.8, indicating a critical impact if exploited. The issue is fixed in version 8.1.0 alpha.
AI Analysis
Technical Summary
CVE-2025-60947 is a vulnerability identified in Census CSWeb version 8.0.1, classified under CWE-434, which pertains to unrestricted upload of files with dangerous types. This vulnerability allows a remote attacker who has authenticated access to the system to upload arbitrary files without proper validation or restriction on file types. The lack of controls on uploaded files can enable attackers to upload malicious payloads, such as web shells or scripts, which can then be executed on the server, leading to remote code execution (RCE). The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, making it easier to exploit within environments where attackers have valid credentials. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The vulnerability was reserved in late 2025 and published in early 2026. The vendor has addressed the issue in version 8.1.0 alpha, but no official patch link is provided yet. The vulnerability poses a significant risk to organizations relying on Census CSWeb for census or data collection operations, as successful exploitation could lead to full system compromise.
Potential Impact
The impact of CVE-2025-60947 is substantial for organizations using Census CSWeb 8.0.1. Successful exploitation can lead to remote code execution, allowing attackers to execute arbitrary commands on the server, potentially leading to full system compromise. This can result in data breaches, unauthorized data manipulation, service disruption, and lateral movement within the network. Given that Census CSWeb is likely used in government or census-related data collection environments, the confidentiality of sensitive population data and integrity of census results could be severely affected. Availability may also be impacted if attackers deploy ransomware or disrupt services. The requirement for authentication limits exposure to some extent, but insider threats or compromised credentials could facilitate exploitation. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for mitigation due to the high severity and potential impact.
Mitigation Recommendations
1. Upgrade to Census CSWeb version 8.1.0 alpha or later as soon as it becomes available and stable, as this version addresses the vulnerability.
2. Until patching is possible, restrict file upload permissions to only trusted users and limit the types of files that can be uploaded via application-level controls or web server configurations.
3. Implement strict input validation and file type verification on the server side to prevent dangerous file types from being accepted.
4. Employ web application firewalls (WAFs) with rules to detect and block suspicious file upload attempts.
5. Monitor logs for unusual file upload activity and signs of web shell deployment or command execution.
6. Enforce strong authentication mechanisms and regularly audit user accounts to prevent credential compromise.
7. Isolate the Census CSWeb application environment to limit lateral movement in case of compromise.
8. Conduct regular security assessments and penetration testing focused on file upload functionalities.
9. Educate administrators and users about the risks of file upload vulnerabilities and the importance of credential security.
Affected Countries
United States, Canada, United Kingdom, Australia, Germany, France, India, Japan, South Korea, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-09-26T05:34:11.056Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c1d4adf4197a8e3ba0b567
Added to database: 3/24/2026, 12:02:53 AM
Last enriched: 3/31/2026, 8:16:44 PM
Last updated: 5/6/2026, 11:43:12 AM