Primary

Context

MSoft MFlash Arbitrary Code Execution Vulnerability

Vulnerability

A vulnerability in the MSoft MFlash application allows for arbitrary code execution on the server. This issue arises from inadequate validation of parameters in the integration configuration feature, which is accessible only to MFlash administrators. The vulnerability affects MFlash version 8.0 and potentially other versions.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code on the server, potentially allowing an attacker to manipulate the server or its data, or to execute malicious payloads.

Remediation

Users can apply the 8.2-653 hotfix 11.06.2025 or later to address this vulnerability.

Added: Aug 15, 2025, 5:16 PM

Updated: Aug 15, 2025, 5:16 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MSoft MFlash Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating