Primary

Context

Narkom Pyxis Signage Unrestricted File Upload Vulnerability Allowing ACL Bypass

Vulnerability

A vulnerability allowing unrestricted upload of files with dangerous types has been identified in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage, affecting versions through 31012025. This vulnerability allows access to functionalities that are not properly constrained by Access Control Lists (ACLs).

Impact

Exploitation of this vulnerability could lead to unauthorized access to functionalities, bypassing established access controls.

Remediation

Users and system administrators are advised to upgrade to the version released on or after 30 January 2025.

Added: Nov 20, 2025, 3:51 PM

Updated: Nov 20, 2025, 3:51 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Narkom Pyxis Signage Unrestricted File Upload Vulnerability Allowing ACL Bypass

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating