CVE-2025-23953

Name of the Vulnerable Software and Affected Versions Innovative Solutions user files versions n/a through 2.4.2

Description The issue allows an unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially allow attackers to upload malicious web shells to web servers.

Recommendations For versions n/a through 2.4.2, consider disabling the file upload feature until a patch is available to prevent the upload of malicious files. Restrict access to the user files plugin to minimize the risk of exploitation. Avoid using the file upload functionality in the affected user files plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.