CVE-2025-70995
CVE-2025-70995 concerns Aranda Service Desk Web Edition (ASDK API 8.6). An authenticated user can upload a crafted web.config via POST to /ASDKAPI/api/v8.6/item/addfile, which is processed by the ASP.NET runtime, altering the upload directory’s execution context to allow compilation and execution...