CVE-2025-67325

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution.

Vulnerability Details

Published Date

January 08, 2026

Last Modified

January 13, 2026

CWE ID

CWE-434

Source

NVD

External References

https://github.com/Qloapps/QloApps
https://github.com/mr7s3d0/CVE-2025-67325

CVE-2025-67325

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment