PatchSiren cyber security CVE debrief

CVE-2025-34163 Qingdao Dongsheng Weiye Software Co., Ltd. CVE debrief

CVE-2025-34163 is a critical unauthenticated arbitrary file upload vulnerability in Dongsheng Logistics Software. The vulnerable endpoint `/CommMng/Print/UploadMailFile` accepts multipart/form-data POST requests without proper file type validation or access control, allowing attackers to upload executable scripts such as `.ashx` files. This enables remote code execution with potential for full system compromise. The vulnerability carries a CVSS 4.0 score of 10.0 (Critical). Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC, approximately five weeks before the CVE was published. The vulnerability is presumed to affect builds released prior to July 2025; newer versions are believed to contain remediation, though exact affected version ranges remain undefined. The NVD record status is currently 'Deferred' as of the 2026-05-26 modification.

Vendor: Qingdao Dongsheng Weiye Software Co., Ltd.
Product: Dongsheng Logistics Software
CVSS: 10.0 (CRITICAL)
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-08-27
Original CVE updated: 2026-05-26
Advisory published: 2025-08-27
Advisory updated: 2026-05-26

Who should care

Organizations running Dongsheng Logistics Software; security teams monitoring supply chain and logistics software; incident responders tracking in-the-wild exploitation of file upload vulnerabilities; web application security teams responsible for input validation controls

Technical summary

The vulnerability exists in an unauthenticated file upload endpoint that neither validates file types nor enforces access controls. Attackers can upload executable ASP.NET handler files (.ashx) that execute server-side code when requested. Because the endpoint accepts multipart/form-data POST requests without authentication, exploitation is trivial. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality, integrity, and availability impact on both the vulnerable system and subsequent systems.

Defensive priority

CRITICAL

Recommended defensive actions

  • Block or restrict access to the `/CommMng/Print/UploadMailFile` endpoint at the network perimeter until patching is confirmed
  • Implement strict file type validation and extension whitelisting on all file upload endpoints, rejecting executable script types including .ashx
  • Apply principle of least privilege to web application processes to limit impact of potential code execution
  • Monitor for suspicious file upload activity and unexpected .ashx or other script files in upload directories
  • Contact Dongshengsoft vendor support to obtain definitive patched version information and apply updates when available
  • Review web server and application logs for indicators of compromise dating back to 2025-07-23 UTC
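The monitoring and log review actions above call for checking web server logs back to 2025-07-23 UTC and watching for script files dropped through the upload endpoint. The following Python triage script is an added example, not part of the PatchSiren debrief or the vendor's software: it parses IIS W3C log lines, flags successful POSTs to `/CommMng/Print/UploadMailFile` in that window, and then flags any request for a server-side script file from the same client. The log excerpt, client addresses, paths, and extension list are constructed assumptions.

```python
from datetime import date

# Taken from the CVE-2025-34163 advisory: the vulnerable endpoint and the date
# Shadowserver first observed exploitation. All other names here are assumptions.
UPLOAD_ENDPOINT = "/commmng/print/uploadmailfile"
FIRST_SEEN = date(2025, 7, 23)
# Server-side script extensions a mail-file upload should never need (assumed list).
SCRIPT_EXTENSIONS = (".ashx", ".aspx", ".asmx", ".asp")

def parse_iis_w3c(text):
    """Parse IIS W3C Extended log text into dicts keyed by the '#Fields:' header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                records.append(dict(zip(fields, values)))
    return records

def triage(text):
    """Flag successful POSTs to the upload endpoint within the review window, then any
    later request for a script file from the same client (a likely uploaded handler)."""
    findings, uploaders = [], set()
    for r in parse_iis_w3c(text):
        if date.fromisoformat(r["date"]) < FIRST_SEEN:
            continue  # before the earliest known exploitation; outside the review window
        uri, client, ok = r["cs-uri-stem"].lower(), r["c-ip"], r["sc-status"].startswith("2")
        if not ok:
            continue  # only requests the server actually accepted matter here
        if r["cs-method"] == "POST" and uri == UPLOAD_ENDPOINT:
            uploaders.add(client)
            findings.append(("upload-to-vulnerable-endpoint", client, r["cs-username"]))
        elif uri.endswith(SCRIPT_EXTENSIONS) and client in uploaders:
            findings.append(("script-requested-after-upload", client, uri))
    return findings

# Constructed IIS log excerpt (default W3C fields); the addresses and paths are made up.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-22 08:00:00 10.0.0.5 POST /CommMng/Print/UploadMailFile - 80 - 10.0.0.20 Mozilla/5.0 - 200 0 0 30
2025-07-24 03:12:41 10.0.0.5 POST /CommMng/Print/UploadMailFile - 80 - 203.0.113.10 python-requests/2.31 - 200 0 0 120
2025-07-24 03:12:45 10.0.0.5 GET /Upload/MailFile/x.ashx - 80 - 203.0.113.10 python-requests/2.31 - 200 0 0 45
2025-07-25 09:30:00 10.0.0.5 POST /CommMng/Print/UploadMailFile - 80 jsmith 10.0.0.21 Mozilla/5.0 - 200 0 0 90
2025-07-25 09:30:05 10.0.0.5 GET /CommMng/Print/Index - 80 jsmith 10.0.0.21 Mozilla/5.0 - 200 0 0 15
"""

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

The 2025-07-22 upload is deliberately left out of the findings to show the date filter; widen `FIRST_SEEN` if your environment may have been exposed earlier.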

Evidence notes

Exploitation observed in the wild by Shadowserver Foundation on 2025-07-23 UTC, predating CVE publication by approximately five weeks. Vendor evidence points to Dongshengsoft as the affected vendor based on reference domain analysis, though confidence is low and requires review.
