CVE-2025-5178

Name of the Vulnerable Software and Affected Versions Realce Tecnologia Queue Ticket Kiosk up to 20250517

Description A critical vulnerability has been found in the Image File Handler component of the affected software, specifically in an unknown function of the file /adm/ajax.php. The manipulation of the files[] argument leads to unrestricted upload. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Realce Tecnologia Queue Ticket Kiosk up to 20250517, as a temporary workaround, consider restricting access to the /adm/ajax.php file and the Image File Handler component to minimize the risk of exploitation. Avoid using the files[] argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.