Flexense DiskBoss Unauthenticated File Upload Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Flexense DiskBoss version 7.7.14. This issue allows unauthenticated attackers to upload arbitrary files through the 'Directory' field in the 'Search Files' command. Exploiting this vulnerability causes the application to crash.

Impact

Exploitation of this vulnerability leads to a crash of the DiskBoss application, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by uploading a file through the 'Directory' field in the 'Search Files' command. This can be done by copying a payload into the clipboard, opening the DiskBoss application, and pasting the clipboard content into the 'Directory' field. After confirming the input, the application will crash.

Added: Dec 5, 2025, 6:38 PM
Updated: Dec 5, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.