PT-2025-49119 · Unknown · E-Point Cms

Published: 2025-12-04 · Updated: 2026-03-11 · CVE-2025-65806

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: E-POINT CMS version eagle.gsam-1169.1

Description: The software’s file upload feature does not properly handle nested archive files. An attacker can upload a nested ZIP archive, that is, a ZIP containing another ZIP archive that holds an executable file such as webshell.php. Extracting these archives can result in the executable being placed in a web-accessible directory, potentially leading to remote code execution (RCE), data disclosure, or account compromise. This occurs due to insufficient validation of archive contents and inadequate restrictions on where files are extracted.

Recommendations: Apply updates to address the improper handling of nested archive files.
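
The validation gap described above can be closed by inspecting an uploaded archive, including any archives nested inside it, before anything is extracted. The following is an added example, not code from E-Point CMS or its vendor; the function names, the blocked-extension list and the depth limit are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy values for this example (not taken from E-Point CMS).
BLOCKED_EXT = {".php", ".phtml", ".phar", ".jsp", ".asp", ".aspx", ".cgi"}
MAX_DEPTH = 2  # levels of nested archives that will be inspected


def inspect_zip(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return policy violations found in a ZIP, following nested ZIPs."""
    if depth > MAX_DEPTH:
        return [f"{prefix}: nesting deeper than {MAX_DEPTH}"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            label = f"{prefix}{name}"
            path = PurePosixPath(name)
            # Entries that could be written outside the extraction directory.
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"{label}: path escapes extraction directory")
            # Any blocked suffix counts, so "shell.php.txt" is flagged too.
            if any(s.lower() in BLOCKED_EXT for s in path.suffixes):
                findings.append(f"{label}: server-executable extension")
            # Detect nested archives by content, not by file name.
            body = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(body)):
                findings += inspect_zip(body, depth + 1, f"{label}!/")
    return findings


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample: outer ZIP -> inner.zip -> webshell.php (inert bytes).
SAMPLE = make_zip({"readme.txt": b"hello",
                   "inner.zip": make_zip({"webshell.php": b"placeholder"})})

if __name__ == "__main__":
    print("\n".join(inspect_zip(SAMPLE)))
```

An upload is accepted only when the returned list is empty. Extraction should still target a directory outside the web root, so that a file missed by the check is not served or executed.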

Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-65806

Affected Products: E-Point Cms