PatchSiren cyber security CVE debrief
CVE-2025-60947 Census CVE debrief
Census CSWeb version 8.0.1 is vulnerable to an arbitrary file upload attack. An authenticated remote attacker could exploit this vulnerability to upload malicious files, which might lead to remote code execution. The issue has been addressed in version 8.1.0 alpha. Users of affected versions should update to the latest version as soon as possible. This vulnerability is tracked as CVE-2025-60947.
- Vendor: Census
- Product: CSWeb
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-23
- Original CVE updated: 2026-02-23
- Advisory published: 2026-02-23
- Advisory updated: 2026-02-23
Who should care
System administrators and security teams responsible for Census CSWeb installations should be aware of this vulnerability. Given the high CVSS score of 8.8, this issue should be prioritized for immediate attention. Organizations using Census CSWeb 8.0.1 or earlier should take steps to mitigate the risk of exploitation.
Technical summary
CVE-2025-60947 is a high-severity vulnerability in Census CSWeb 8.0.1 that allows for arbitrary file uploads. An authenticated remote attacker could leverage this vulnerability to upload malicious files, potentially leading to remote code execution. The vulnerability's CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. The issue was fixed in version 8.1.0 alpha. The vulnerability's details are documented in the CVE record and the National Vulnerability Database (NVD).
Defensive priority
High priority should be given to updating Census CSWeb to version 8.1.0 alpha or later. In the meantime, defenders should monitor for suspicious file upload activity and restrict access to the CSWeb application to minimize the attack surface.
Recommended defensive actions
- Update Census CSWeb to version 8.1.0 alpha or later.
- Monitor for suspicious file upload activity.
- Restrict access to the CSWeb application.
- Implement additional security measures to detect and prevent malicious file uploads.
- Review and update incident response plans to address potential exploitation.
Evidence notes
The source item provided is a CISA CSAF advisory detailing the vulnerability in Census CSWeb. The advisory confirms that the issue allows for arbitrary file uploads and provides details on the affected versions and the fix in version 8.1.0 alpha. Additional information can be found in the CVE record and the NVD.
Official resources
- CVE-2025-60947 CVE record (CVE.org)
- CVE-2025-60947 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
- Source reference (Reference)
This article is AI-assisted and based on the supplied source corpus.