CVE-2025-10465

8.8 HIGH

Published 2026-02-09 · Modified 2026-02-09 · Awaiting Analysis

Quick Summary

A vulnerability in Sensaway software allows an attacker to upload any type of file, including malicious web shells, to the server. Because an uploaded web shell can then be executed on the server, this flaw can give attackers full control over the affected system.

Who is affected

All Sensaway installations through version 09022026 are affected. An attacker exploiting this could execute arbitrary code, steal data, or take over the web server.

Recommended fix

Since the vendor has not provided a patch, users should immediately restrict or disable the file upload functionality. If possible, isolate the Sensaway application behind a firewall and monitor for any unauthorized file uploads.

Technical Description

Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-434
