Vulnerability Description
Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.
References
FAQ
What is CVE-2025-10009?
CVE-2025-10009 is a documented vulnerability in Invoice Ninja <= 5.11.72. Incorrect handling of uploaded files in the admin "Restore" function allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files.
How severe is CVE-2025-10009?
CVSS scoring is not yet available for CVE-2025-10009. Check NVD for updates.
Is there a patch for CVE-2025-10009?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.