How severe is CVE-2025-28168?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-28168?

This is classified as CWE-602, which is a common weakness in software security.

CVE-2025-28168 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems.

Related Vulnerabilities

CVE-2024-42340

MEDIUM

CVSS:4.3(Medium)

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security

CWE-6022024

CVE-2024-52960

MEDIUM

CVSS:4.3(Medium)

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least re...

CWE-6022024

CVE-2024-6831

MEDIUM

CVSS:4.4(Medium)

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has re...

CWE-6022024

CVE-2023-20106

LOW

CVSS:3.8(Low)

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabil...

CWE-6022023

CVE-2025-4527

MEDIUM

CVSS:3.7(Low)

A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation l...

CWE-6022025

CVE-2023-20172

MEDIUM

CVSS:4.9(Medium)

CWE-6022023