{"api_version":"1","generated_at":"2026-04-24T18:10:06+00:00","cve":"CVE-2023-25909","urls":{"html":"https://cve.report/CVE-2023-25909","api":"https://cve.report/api/cve/CVE-2023-25909.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25909","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25909"},"summary":{"title":"CVE-2023-25909","description":"HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2023-03-27 04:15:00","updated_at":"2023-03-31 14:22:00"},"problem_types":["CWE-434"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html","name":"N/A","refsource":"CONFIRM","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-桓基科技HGiga OAKlouds - Arbitrary File Upload","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25909","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25909","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25909","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hgiga","cpe5":"oaklouds_portal","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2023-03-02T05:55:00.000Z","ID":"CVE-2023-25909","STATE":"PUBLIC","TITLE":"HGiga Inc. OAKlouds - Arbitrary File Upload"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"HGiga OAKlouds","version":{"version_data":[{"version_affected":"=","version_value":"2"},{"version_affected":"=","version_value":"3"}]}}]},"vendor_name":"HGIGA INC."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-434: Unrestricted Upload of File with Dangerous Type"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html","name":"https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html"}]},"solution":[{"lang":"eng","value":"- Update OAKlouds-layout-2.0 to OAKlouds-layout-2.0-10\n- Update OAKlouds-layout-3.0 to OAKlouds-layout-3.0-10"}],"source":{"advisory":"TVN-202303001","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2023-03-27 04:15:00","lastModifiedDate":"2023-03-31 14:22:00","problem_types":["CWE-434"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hgiga:oaklouds_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.0-10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hgiga:oaklouds_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0","versionEndExcluding":"2.0-10","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}