PT-2025-31995 · Dell · Dell Kace K1000 System Management Appliance
Published: 2025-08-05 · Updated: 2025-08-05
CVE-2014-125113
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Dell KACE K1000 System Management Appliance versions 5.0 through 5.3
Dell KACE K1000 System Management Appliance versions 5.4 prior to 5.4.76849
Dell KACE K1000 System Management Appliance versions 5.5 prior to 5.5.90547
Description
An unrestricted file upload issue exists in the download agent.php endpoint of the Dell KACE K1000 System Management Appliance. An attacker can upload arbitrary PHP files to a web-accessible temporary directory. These files are then executed when included in backend code that loads files from attacker-controlled paths.
Recommendations
Dell KACE K1000 System Management Appliance versions 5.0 through 5.3: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Dell KACE K1000 System Management Appliance versions 5.4 prior to 5.4.76849: Upgrade to version 5.4.76849 or later.
Dell KACE K1000 System Management Appliance versions 5.5 prior to 5.5.90547: Upgrade to version 5.5.90547 or later.
Missing Authentication
Unrestricted File Upload
Affected Products
Dell Kace K1000 System Management Appliance