LeakyCreds

CVE-2025-70995 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 6, 2026

Aranda Service Desk Web Edition - Remote Code Execution

Published: March 5, 2026 | Updated: March 6, 2026 | PoC Available | Remote Exploitable

Overview

Aranda Service Desk Web Edition ASDK API 8.6 contains a remote code execution vulnerability caused by improper validation of uploaded files in /ASDKAPI/api/v8.6/item/addfile. It lets authenticated attackers execute arbitrary code remotely; exploitation requires authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 36.3% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary code remotely, potentially leading to full server compromise.

Mitigation

Update to the latest version with proper file validation.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 7, 2026

🟠 CVE-2025-70995 - High (8.8) An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafte... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70995/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2025-70995
Severity: High
CVSS Score: 8.8
Type: unrestricted_file_upload
Status: new
EPSS: 36.3%
Social Posts: 1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

36.3% (Probability of exploitation in the next 30 days)