CVE-2025-67260 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 23, 2026
ASTER TEC Terrapack - Unrestricted File Upload
Overview
ASTER TEC Terrapack TkWebCoreNG 1.0.20200914, TKServerCGI 2.5.4.150, and TpkWebGIS Client 1.0.0 contain an unrestricted file upload vulnerability that allows attackers to execute arbitrary code by uploading malicious files, exploit requires no special privileges.
Severity & Score
Impact
Attackers can execute arbitrary code remotely by uploading malicious files, potentially leading to full system compromise.
Mitigation
Update to the latest available versions of Terrapack components.
References
Social Media Activity(2 posts)
š CVE-2025-67260 - High (8.8) The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.2020091... š https://www.thehackerwire.com/vulnerability/CVE-2025-67260/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2025-67260 - High (8.8) The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.2020091... š https://www.thehackerwire.com/vulnerability/CVE-2025-67260/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-67260
- Severity
- High
- CVSS Score
- 8.8
- Type
- unrestricted_file_upload
- Status
- new
- EPSS
- 1.8%
- Social Posts
- 2
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H