CVE-2025-0984

Name of the Vulnerable Software and Affected Versions Netoloji Software E-Flow versions prior to 3.23.00

Description The issue affects Netoloji Software E-Flow, allowing unrestricted upload of files with dangerous types and improper neutralization of input during web page generation, which can lead to Stored XSS and File Content Injection. This can enable accessing functionality not properly constrained by ACLs.

Recommendations For versions prior to 3.23.00, update to version 3.23.00 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only allow safe file types and disabling any functionality that allows uploading files with dangerous types until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.