PT-2025-16591 · Ready · Ready
Jakub Stankiewicz +2 · Published 2025-04-16 · Updated 2025-04-20
CVE-2025-1980
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Ready versions installed at the turn of 2021 and 2022
Description
The issue allows users to upload files of any type and extension without restriction in the Profile section of the Ready application. If the server is misconfigured, it can result in Remote Code Execution. This misconfiguration was present by default in installations from late 2021 and early 2022.
Recommendations
For versions installed at the turn of 2021 and 2022, ensure proper server configuration to prevent Remote Code Execution, as described in the Required Configuration for Exposure section.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Ready