CVE-2025-3169

CVSS v3 Score: 5.0 (Medium)
CVSS v2 Score: 4.6 (Medium)

Vulnerability Description

A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. It affects unknown functionality in the file /tool/saveAttachment.php. Manipulating the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The attack complexity is rather high, and exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 addresses this issue, and upgrading the affected component is recommended. The vendor explains that "this vulnerability can be exploited only on not securely installed instances, as it is advised during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web."

CVSS:5.0(Medium)

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leve...

CVSS:5.0(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to af...

CVSS:5.0(Medium)

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are confi...

CVSS:5.0(Medium)

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.

CVSS:5.0(Medium)

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to ins...

CVSS:5.0(Medium)

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issu...