Home > Vulnerability Database > CVE-2025-52130

Mend.io Vulnerability Database

CVE-2025-52130

Good to know:

Date: August 24, 2025

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.

Severity Score

5.4

Related Resources (4)

Url: https://github.com/SMEWebify/WebErpMesv2

Url: https://medium.com/@The_Hiker/wrong-variable-name-leads-to-rce-cve-2025-52130-8ff59a7d245c

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-52130

Url: https://www.mend.io/vulnerability-database/CVE-2025-52130

Severity Score

5.4

Weakness Type (CWE)

Incomplete Identification of Uploaded File Variables (PHP)

CWE-616

Top Fix

Upgrade Version

Upgrade to version https://github.com/SMEWebify/WebErpMesv2.git - no_fix

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-52130

Good to know:

Date: August 24, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?