CVE-2025-8775: Unrestricted Upload in Qiyuesuo Electronic Signature Platform
A vulnerability was found in Qiyuesuo Electronic Signature Platform up to 4.34 and classified as critical by VulDB. Affected by this issue is the function execute of the file /api/code/upload in the component Scheduled Task Handler. Manipulation of the argument File leads to an unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-8775 affects the Qiyuesuo Electronic Signature Platform up to version 4.34. The flaw sits in the Scheduled Task Handler component, in the execute function behind the /api/code/upload endpoint: the File argument is not validated, so a remote attacker can upload arbitrary files without authentication or user interaction. VulDB's description classifies the issue as critical, while its CVSS 4.0 base score is 5.3 (medium): network attack vector, low attack complexity, no privileges and no user interaction required, but only limited impact rated for confidentiality, integrity and availability. The gap between the two ratings matters in practice. An unrestricted upload into a location the application serves or executes is the standard route to a web shell, and from there to persistent access and lateral movement, so the real severity depends on where uploaded files land and how the platform processes them. A public exploit exists, but no exploitation in the wild had been observed at enrichment time. The vendor was contacted before disclosure and has not responded; no patch is available.
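As an added illustration, not Qiyuesuo's code (the advisory does not show the product's implementation), the following Python contrasts the unrestricted-upload pattern the summary describes with a hardened handler. The allowed types, size cap, directory layout and sample payload are assumptions made for the example.

```python
"""Unrestricted upload pattern beside a hardened handler (illustrative;
not Qiyuesuo code). Allowed types, size cap and sample data are assumptions."""
import os
import secrets
import tempfile
from pathlib import Path

# Assumed policy for an e-signature document store: extension allowlist
# paired with the magic bytes the content must start with.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}
MAX_BYTES = 10 * 1024 * 1024  # assumed per-file limit


class UploadRejected(ValueError):
    """Raised by the hardened handler for any policy violation."""


def vulnerable_save(upload_dir: str, filename: str, data: bytes) -> str:
    """The unrestricted pattern: trusts the client-supplied name and bytes.
    '../' in the name escapes upload_dir, and a .jsp/.php/.sh name becomes
    a web shell if the target directory is served or executed."""
    dest = os.path.join(upload_dir, filename)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def hardened_save(upload_dir: str, filename: str, data: bytes) -> str:
    """Hardened: cap size, allowlist the extension, verify the content
    matches it, discard the client name, and confine the destination."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = Path(filename).suffix.lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")
    base = Path(upload_dir).resolve()
    dest = (base / f"{secrets.token_hex(16)}{ext}").resolve()
    if dest.parent != base:  # defence in depth; the random name cannot traverse
        raise UploadRejected("path escapes upload directory")
    base.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return str(dest)


def demo() -> dict:
    """Exercise both handlers on constructed inputs inside a temp dir."""
    results = {"hardened_rejections": []}
    with tempfile.TemporaryDirectory() as root:
        upload_dir = os.path.join(root, "uploads")
        # Constructed payload: a JSP-style snippet under a traversal name.
        evil_name = "../evil.jsp"
        evil_data = b'<% out.println("shell"); %>'
        written = vulnerable_save(upload_dir, evil_name, evil_data)
        results["vulnerable_escaped_dir"] = (
            Path(written).resolve().parent != Path(upload_dir).resolve())
        results["vulnerable_kept_jsp"] = written.endswith(".jsp")
        attempts = [
            (evil_name, evil_data),                          # bad extension
            ("doc.pdf", evil_data),                          # pdf name, jsp body
            ("doc.pdf", b"%PDF-1.7\n" + b"A" * MAX_BYTES),   # over the cap
        ]
        for name, data in attempts:
            try:
                hardened_save(upload_dir, name, data)
                results["hardened_rejections"].append(None)
            except UploadRejected as exc:
                results["hardened_rejections"].append(str(exc))
        ok = hardened_save(upload_dir, "contract.pdf", b"%PDF-1.7\n%%EOF\n")
        results["hardened_ok_in_dir"] = Path(ok).parent == Path(upload_dir).resolve()
        results["hardened_random_name"] = "contract" not in Path(ok).name
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable handler writes the attacker's evil.jsp one directory above the upload root under its original name; the hardened one rejects the same request three different ways and, for a legitimate PDF, stores it under a random name inside the confined directory.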
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly to entities relying on the Qiyuesuo Electronic Signature Platform for document signing and workflow automation. Exploitation could lead to unauthorized access to sensitive documents, manipulation of electronic signatures, and disruption of business processes that depend on the platform. Because arbitrary files can be uploaded remotely without authentication, the risk of system compromise, data breaches, and reputational damage is high. Given the role of electronic signature platforms in legal, financial, and governmental sectors, exploitation could undermine trust in digital transactions and compliance with EU regulations such as eIDAS. Compromised systems could also serve as footholds for further attacks within corporate networks.
Mitigation Recommendations
Organizations running Qiyuesuo Electronic Signature Platform should apply compensating controls now. Restrict access to the /api/code/upload endpoint at the reverse proxy, firewall or WAF so that only the hosts that legitimately drive scheduled tasks can reach it, and place the platform in its own network segment away from critical infrastructure. Log every request to the endpoint and alert on POST or PUT requests from unexpected sources, on uploads the server accepts (2xx responses) and on follow-up requests to newly created files, which are the usual sign of a web shell. Where the deployment allows, enforce file type validation (extension allowlist plus content check) and malware scanning in front of the application, since the application itself does not. Until a fix ships, disable or restrict the Scheduled Task Handler component if feasible, include the endpoint in your own security assessments and penetration tests, keep backups current and have an incident response plan ready for a compromise. Track the vendor for an update and patch promptly once one is available.
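An added example of the monitoring the recommendations call for, written for this page rather than taken from the vendor or the advisory: a sweep over reverse-proxy access logs that flags POST or PUT requests to /api/code/upload from outside an assumed trusted network, and then lists what each flagged source requested next. The log lines and the 10.0.5.0/24 trusted range are constructed.

```python
"""Detection sweep for CVE-2025-8775 upload attempts in access logs.
Added example; the log lines and the trusted-source range are constructed
assumptions, not data from the advisory."""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.5.21 - - [17/Aug/2025:00:58:01 +0000] "GET /api/contract/list HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.5.21 - - [17/Aug/2025:00:58:07 +0000] "POST /api/code/upload HTTP/1.1" 200 57 "-" "Mozilla/5.0"
203.0.113.9 - - [17/Aug/2025:01:00:12 +0000] "POST /api/code/upload HTTP/1.1" 200 57 "-" "python-requests/2.32"
203.0.113.9 - - [17/Aug/2025:01:00:13 +0000] "GET /uploads/x.jsp HTTP/1.1" 200 1400 "-" "python-requests/2.32"
198.51.100.4 - - [17/Aug/2025:01:02:44 +0000] "POST /api/code/upload?x=1 HTTP/1.1" 403 0 "-" "curl/8.5.0"
"""

# Assumed: only the internal scheduler hosts should ever call this endpoint.
TRUSTED_SOURCES = [ipaddress.ip_network("10.0.5.0/24")]
UPLOAD_PATH = "/api/code/upload"
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')


def parse_line(line):
    """Combined-format line -> dict of fields, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_SOURCES)


def sweep(log_text):
    """Return (alerts, per-IP counts) for upload-endpoint writes from
    untrusted sources; severity is raised when the server accepted (2xx)."""
    alerts, per_ip = [], Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path != UPLOAD_PATH or rec["method"] not in ("POST", "PUT"):
            continue
        if is_trusted(rec["ip"]):
            continue
        accepted = rec["status"].startswith("2")
        per_ip[rec["ip"]] += 1
        alerts.append({
            "ip": rec["ip"], "ts": rec["ts"], "status": int(rec["status"]),
            "ua": rec["ua"], "severity": "high" if accepted else "medium",
        })
    return alerts, per_ip


def followups(log_text, alerts):
    """Paths each alerting IP requested after its first upload attempt; a
    hit on a freshly written file is the classic web-shell signature."""
    first_seen = {}
    for a in alerts:
        t = datetime.strptime(a["ts"], TS_FORMAT)
        first_seen[a["ip"]] = min(t, first_seen.get(a["ip"], t))
    hits = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["ip"] not in first_seen:
            continue
        t = datetime.strptime(rec["ts"], TS_FORMAT)
        path = rec["path"].split("?", 1)[0]
        if t > first_seen[rec["ip"]] and path != UPLOAD_PATH:
            hits.setdefault(rec["ip"], []).append(path)
    return hits


if __name__ == "__main__":
    found, counts = sweep(SAMPLE_LOG)
    for a in found:
        print(f"[{a['severity']}] {a['ip']} {a['ts']} status={a['status']} ua={a['ua']}")
    print("follow-up requests:", followups(SAMPLE_LOG, found))
```

Run it against real logs by replacing SAMPLE_LOG with the file contents and setting TRUSTED_SOURCES to the hosts that legitimately invoke the scheduled task handler. In the constructed sample, the accepted upload from 203.0.113.9 followed one second later by a GET to /uploads/x.jsp is the pattern to treat as an incident; the 403 from 198.51.100.4 shows the WAF rule working but still records a probe worth tracking.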
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-08T20:26:31.112Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6897bb0dad5a09ad000e951b
Added to database: 8/9/2025, 9:18:05 PM
Last enriched: 8/17/2025, 1:00:46 AM
Last updated: 9/24/2025, 6:41:57 PM
Views: 41
Related Threats
- CVE-2025-59832 (Critical): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in horilla-opensource horilla
- CVE-2025-40836 (High): CWE-20 Improper Input Validation in Ericsson Indoor Connect 8855
- CVE-2025-36857 (Low): CWE-276 Incorrect Default Permissions in Rapid7 Appspider Pro
- CVE-2025-27262 (High): CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Ericsson Indoor Connect 8855
- CVE-2025-27261 (High): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ericsson Indoor Connect 8855