Cyber Posture

CVE-2025-57795

Critical

Published: 28 January 2026

Modified: 05 February 2026
KEV Added
Patch
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0036 (57.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly mitigates the vulnerability by requiring timely identification, reporting, and correction of flaws through patching to Explorance Blue version 8.14.13 or later as advised by the vendor.

prevent: Validates inputs to the vulnerable web service to block arbitrary file path specifications that enable unauthorized remote file downloads and subsequent RCE.

prevent: Enforces approved authorizations to prevent low-privilege authenticated users from accessing and downloading arbitrary files via the web service component.

Security Summary (AI)

CVE-2025-57795 is an authenticated remote file download vulnerability in a web service component of Explorance Blue versions prior to 8.14.13. Published on 2026-01-28, this flaw allows attackers to download arbitrary files when exploited in default configurations, potentially leading to remote code execution. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Attackers with low-privilege authenticated access can exploit the vulnerability remotely over the network with low complexity and no user interaction. The scope is changed (S:C), and the impacts on confidentiality, integrity, and availability are all high, ultimately enabling remote code execution on the targeted system.

Advisories from Explorance and Mandiant provide mitigation guidance, including upgrading to Explorance Blue version 8.14.13 or later. Relevant resources include https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0004.md, https://online-help.explorance.com/blue/articles/security-advisories-(january-2026), https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57795, and https://www.explorance.com/products/blue.

Details

CWE(s)

Affected Products

Vendor: explorance
Product: blue
Version: ≤ 8.14.13

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

An authenticated remote arbitrary file download in a web service is exploitation of a public-facing application (T1190) and enables collection of data from local system files (T1005), with potential for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References