PatchSiren cyber security CVE debrief
CVE-2025-67260 ASTER TEC / ASTER S.p.A. CVE debrief
CVE-2025-67260 is a high-severity vulnerability in Terrapack software, with a CVSS score of 8.8. The affected components include Terrapack TkWebCoreNG version 1.0.20200914, Terrapack TKServerCGI version 2.5.4.150, and Terrapack TpkWebGIS Client version 1.0.0. This vulnerability may allow attackers to execute arbitrary code via a file upload vulnerability. Organizations using Terrapack software, specifically the mentioned vulnerable components, should prioritize patching this vulnerability to prevent potential arbitrary code execution. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability.
- Vendor
- ASTER TEC / ASTER S.p.A.
- Product
- Terrapack
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-20
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-03-20
- Advisory updated
- 2026-07-05
Who should care
Organizations using Terrapack software, specifically the mentioned vulnerable components, should prioritize patching this vulnerability to prevent potential arbitrary code execution.
Technical summary
The Terrapack software from ASTER TEC / ASTER S.p.A. has a file upload vulnerability in multiple components. The vulnerability has been assigned a CVSS score of 8.8 and is considered HIGH severity. The affected components and their versions are: Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability.
Defensive priority
High priority should be given to patching the vulnerable Terrapack components to prevent potential exploitation.
Recommended defensive actions
- Apply patches or updates provided by the vendor for the affected Terrapack components.
- Restrict access to the vulnerable components until patches are applied.
- Monitor for any suspicious activity related to file uploads in the Terrapack software.
- Consider implementing additional security controls, such as web application firewalls, to help mitigate the risk.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
The CVE record was published on 2026-03-20T16:16:16.490Z and was last modified on 2026-07-05T17:17:26.550Z. The NVD entry is currently Modified. The evidence basis for this CVE is limited to the information provided by the NVD and CVE.org. Defenders should verify the affected scope and severity with the vendor and review the official advisory for guidance. The vulnerability's impact on confidentiality, integrity, and availability is considered high.
Official resources
-
CVE-2025-67260 CVE record
CVE.org
-
CVE-2025-67260 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Source reference
[email protected] - Not Applicable
-
Source reference
[email protected] - Broken Link
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-20T16:16:16.490Z and has not been modified since then. The NVD entry is currently Modified.