CRITICAL
Qingdao Dongsheng Weiye Software Co., Ltd.
CVE published 2025-08-27
CVE-2025-34163
CVE-2025-34163 is a critical unauthenticated arbitrary file upload vulnerability in Dongsheng Logistics Software. The vulnerable endpoint `/CommMng/Print/UploadMailFile` accepts multipart/form-data POST requests without proper file type validation or access control, allowing attackers to upload executable scripts such as `.ashx` files. This enables remote code execution with potential for full system comp [truncated]