PT-2025-42219 · Smartbi · Smartbi
Published: 2025-10-15 · Updated: 2025-10-15
CVE-2023-7305
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
SmartBI versions 8 through 10
Description
SmartBI versions 8, 9, and 10 have an unrestricted file upload issue in the RMIServlet request handling logic. Attackers can send crafted requests to perform sensitive operations or execute code on the host. The Rondo botnet has been observed targeting this issue.
Recommendations
Update to a version released in July 2023 or later.
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Smartbi