PT-2026-3956 · Tms Global · Management Console
Published
2026-01-22
·
Updated
2026-01-25
·
CVE-2025-69828
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TMS Global Software TMS Management Console version 6.3.7.27386.20250818
Description
A file upload issue exists in TMS Global Software TMS Management Console. A remote attacker can potentially execute arbitrary code by uploading a malicious Logo file through the
/Customer/AddEdit endpoint. The vulnerability involves the Logo upload functionality.Recommendations
Apply a fix or patch to address the file upload issue in TMS Global Software TMS Management Console version 6.3.7.27386.20250818.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Management Console