PT-2025-38637 · Selleo · Selleo Mentingo
Khanmarshal · Published 2025-09-20 · Updated 2025-09-20
CVE-2025-10741
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Selleo Mentingo versions prior to 2025.08.28
Description
A security issue has been identified in Selleo Mentingo. The vulnerability resides in an unknown function within the Profile Picture Handler component. Manipulation of the userAvatar argument allows for unrestricted file upload, and the attack can be performed remotely. The exploit has been publicly disclosed, and the vendor was notified but did not respond.
Recommendations
Versions prior to 2025.08.28: Restrict or disable the use of the Profile Picture Handler component until a resolution is available. Avoid uploading files through the userAvatar argument.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Selleo Mentingo