PatchSiren cyber security CVE debrief
CVE-2025-10465 Birtech Information Technologies Industry and Trade Ltd. Co. CVE debrief
CVE-2025-10465 is a high-severity vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co.'s Sensaway application. The vulnerability, which has a CVSS score of 8.8, allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. The issue affects Sensaway up to version 09022026. Due to the use of outdated technology, the manufacturer is unable to provide a fix for this vulnerability. Users are advised to contact the manufacturer and review updated products developed with newer technology.
- Vendor
- Birtech Information Technologies Industry and Trade Ltd. Co.
- Product
- Sensaway
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-09
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-02-09
- Advisory updated
- 2026-06-05
Who should care
Users of the Sensaway application, particularly those in industries that rely on secure file uploads, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by an unrestricted upload of file with dangerous type in the Sensaway application. This could allow an attacker to upload a web shell to a web server, potentially leading to arbitrary code execution.
Defensive priority
High
Recommended defensive actions
- Contact the manufacturer to discuss potential mitigation strategies or updated products developed with newer technology.
- Review and implement secure file upload practices to prevent exploitation.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and affected versions.
Official resources
CVE-2025-10465 was published on 2026-02-09T14:16:39.763Z and modified on 2026-06-05T09:16:25.063Z.