Docmosis Tornado Remote Code Execution Vulnerability via Crafted Script to UNC Path

Vulnerability

A remote code execution vulnerability exists in Docmosis Tornado versions through 2.9.7. The issue arises when a remote attacker sends a crafted script to the UNC path input, exploiting the application's handling of path normalization. The application's input restrictions can be bypassed by URL encoding certain characters, allowing a malicious script to be executed.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where Docmosis Tornado is running.

Reproduction

To reproduce this vulnerability, send a request to the UNC path input with a script payload. URL encode the payload to bypass the application's input restrictions. After the request is processed, the injected script will be executed on the server.
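The encoding bypass described in the Vulnerability and Reproduction sections, shown from the defender's side as an added example that is not part of this advisory and not Docmosis Tornado code: a naive filter that inspects the raw, still percent-encoded path value beside a hardened version that decodes and normalizes before applying the same UNC rule. The function names, the regular expression, the decoding bound and the sample inputs are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Constructed illustration of the bug class in this advisory: a filter that
# inspects the raw, still percent-encoded form of a path input is bypassed by
# URL encoding. Not Docmosis Tornado code; names, regex and decoding policy
# are assumptions made for the example.

# A UNC path starts with \\server\share; the forward-slash form //server/share
# is folded to the same thing by canonicalize().
UNC_PREFIX_RE = re.compile(r"^\\\\")
MAX_DECODE_ROUNDS = 3


def naive_path_is_allowed(raw_value: str) -> bool:
    """Weak check: tests the raw request value before it is decoded.
    '%5C%5Chost%5Cshare' contains no backslash yet, so it passes."""
    return UNC_PREFIX_RE.match(raw_value) is None


def canonicalize(raw_value: str) -> str:
    """Percent-decode until the value stops changing (bounded), then fold
    '/' to '\\' so the validator sees what the file layer will see.
    Raises ValueError for input still changing after the bound; such
    input is treated as hostile rather than guessed at."""
    value = raw_value
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("value still changing after %d decode rounds"
                         % MAX_DECODE_ROUNDS)
    return value.replace("/", "\\")


def hardened_path_is_allowed(raw_value: str) -> bool:
    """Decode and normalize first, then apply the same UNC rule; also reject
    NUL bytes, which truncate paths in some native file APIs."""
    try:
        value = canonicalize(raw_value)
    except ValueError:
        return False
    if "\x00" in value:
        return False
    return UNC_PREFIX_RE.match(value) is None


if __name__ == "__main__":
    for sample in ("templates/report.docx", "\\\\host\\share\\x",
                   "%5C%5Chost%5Cshare%5Cx", "%255C%255Chost"):
        print(f"{sample!r:32} naive={naive_path_is_allowed(sample)} "
              f"hardened={hardened_path_is_allowed(sample)}")
```

The single-encoded and double-encoded UNC samples pass the naive check and are rejected by the hardened one; a plain relative template name passes both.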

Remediation

Users can update to Docmosis Tornado version 2.10.0 or later, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.