CVE-2025-10267

Name of the Vulnerable Software and Affected Versions: NUP Portal (affected versions not specified)

Description: The NUP Portal application developed by NewType Infortech suffers from a missing authentication issue. This allows unauthenticated remote attackers to directly upload files to the system. Successful exploitation, bypassing file extension restrictions, could enable attackers to upload and execute webshells on the server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.