CVE-2025-40625
Published: 06 May 2025
Summary
CVE-2025-40625 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in TCMAN GIM. Its CVSS base score is 9.3 (Critical).
Operationally, it ranks in the top 14.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-40625 is an unrestricted file upload vulnerability, tracked under CWE-434, that affects TCMAN GIM version 11. The flaw permits arbitrary files, including executable content, to be written to the server without any type or content restrictions.
An unauthenticated remote attacker can exploit the issue over the network by directly uploading a malicious file. Successful exploitation grants the attacker remote code execution with full control over the affected server, corresponding to the CVSS 9.3 rating that reflects no required authentication or user interaction.
The sole referenced advisory from INCIBE describes multiple vulnerabilities in the same product but provides no further mitigation details in the available record. The associated EPSS score has remained flat at 0.0229 with no observed increase after disclosure.
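The weakness class above (CWE-434) is that the server accepts any file and writes it as-is. The following is an added illustration of the server-side checks that close that gap, not code from TCMAN, INCIBE or the advisory: an extension allowlist bound to expected content (magic bytes), a size bound, a server-generated filename, and a non-executable write outside the web root. The allowlist, size limit and function names are assumptions made for this example.

```python
import os
import secrets
from pathlib import Path

# Hypothetical allowlist for this example: permitted extension -> accepted leading bytes.
# A real deployment would tune this to the document types the application actually needs.
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}
MAX_SIZE = 5 * 1024 * 1024  # assumed upper bound, 5 MiB


class UploadRejected(ValueError):
    """Raised when an upload fails any of the CWE-434 mitigation checks."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return the allowlisted extension if the upload passes every check, else raise UploadRejected."""
    if len(data) == 0 or len(data) > MAX_SIZE:
        raise UploadRejected("size out of bounds")
    # Keep only the basename: the client must not be able to smuggle path components.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = Path(base).suffix.lower()
    # The extension decides which content signature we expect; it is never trusted on its own.
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # Content check: a file claiming to be .png must actually start like one, so a
    # script or executable renamed with an allowed extension is rejected here.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    return ext


def store_upload(filename: str, data: bytes, upload_dir: Path) -> Path:
    """Validate and persist an upload under a server-chosen name in a non-web-served directory."""
    ext = validate_upload(filename, data)
    upload_dir.mkdir(parents=True, exist_ok=True)
    # Random, server-generated name: the client never controls what lands on disk.
    target = upload_dir / (secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite or follow an existing path; mode 0o600 sets no execute bit.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```

The decisive check is the content match, not the extension: an allowlist of extensions alone still lets executable content through under a permitted name, which is exactly the "no type or content restrictions" condition the advisory describes. Serving `upload_dir` from a path the web server does not execute or map completes the control.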
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-13575
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE).
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.
- Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.
- Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.
- Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.