ZUSOART ID ZA-2025-15 CVE ID CVE-2025-31342 Vulnerability Type CWE-434: Unrestricted Upload of File with Dangerous Type CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H(9.3) Description An unrestricted upload of file with dangerous type vulnerability exists in the file upload function of Galaxy Software Services Corporation's Vitals ESP Forum Module, affecting versions up to 1.3. This allows remote authenticated users to execute arbitrary system commands by uploading a malicious file. Vendor Galaxy Software Services Corporation Product Vitals ESP Forum Module Version affected Through 1.3 Product Support Contact Galaxy Software Services Corporation for version updates. Release date 2025/10/20 Credit Jian You Chen (Jeremy Chen) of ZUSO ART