2 matches found
CVE-2025-66838
The CVE describes an issue in ARIS prior to version 10.0.23.0.3587512 where the file upload function does not enforce rate limiting/throttling. This allows an attacker to upload a large volume of files at an unrestricted rate, potentially causing resource exhaustion such as disk space depletion, ...
CVE-2025-66837
CVE-2025-66837 concerns ARIS 10.0.23.0.3587512, where a file upload vulnerability in the upload handling could allow an attacker to execute arbitrary code by submitting a crafted PDF file containing malware. The NVD entry lists a CVSSv3.1 base score of 6.8 (Medium) with network attack vector, hig...