CVE-2025-0473 — MEDIUM (6.5)

Vulnerability Description

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sigb	Pmb	>= 4.0.10

Related Weaknesses (CWE)

CWE-459

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-Third Party Advisory

FAQ

What is CVE-2025-0473?

CVE-2025-0473 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on t...

How severe is CVE-2025-0473?

CVE-2025-0473 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-0473?

Check the references section above for vendor advisories and patch information. Affected products include: Sigb Pmb.