Home / Vulnerability Intelligence / CVE-2025-70995

CVE-2025-70995 - Vulnerability Analysis

N/a

Last Updated: March 5, 2026

Aranda Service Desk Web Edition - Remote Code Execution

Published: March 5, 2026Updated: March 5, 2026PoC Available

Overview

Aranda Service Desk Web Edition ASDK API 8.6 contains a remote code execution caused by improper validation of uploaded files in /ASDKAPI/api/v8.6/item/addfile, letting authenticated attackers execute arbitrary code remotely, exploit requires authentication.

Severity & Score

Severity: N/a

Impact

Authenticated attackers can execute arbitrary code remotely, potentially leading to full server compromise.

Mitigation

Update to the latest version with proper file validation.

References

https://docs.arandasoft.com/asdk-api/pages/V1.9/descripcion/adjuntar_archivos.html
https://github.com/0xcronos/CVE/blob/main/CVE-2025-70995/README.md

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-70995
Severity: N/a
Type: unrestricted_file_upload
Status: new

CVSS Metrics

N/A