Cyber Posture

CVE-2025-57795

Critical

Published: 28 January 2026
Modified: 05 February 2026
KEV Added
Patch
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0036 (57.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57795 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Explorance Blue. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the vulnerability by requiring timely identification, reporting, and correction of flaws through patching to Explorance Blue version 8.14.13 or later as advised by the vendor.

prevent

Validates inputs to the vulnerable web service to block arbitrary file path specifications that enable unauthorized remote file downloads and subsequent RCE.

prevent

Enforces approved authorizations to prevent low-privilege authenticated users from accessing and downloading arbitrary files via the web service component.

MITRE ATT&CK Enterprise Techniques

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 · Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

An authenticated remote arbitrary file download in a web service is exploitation of a public-facing application (T1190) and enables collection of data from local system files (T1005), with potential for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

Deeper analysis

CVE-2025-57795 is an authenticated remote file download vulnerability in a web service component of Explorance Blue versions prior to 8.14.13. Published on 2026-01-28, this flaw allows attackers to download arbitrary files when exploited in default configurations, potentially leading to remote code execution. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Attackers with low-privilege authenticated access can exploit the vulnerability remotely over the network with low complexity and no user interaction. The vector marks the scope as changed (S:C), with high impacts on confidentiality, integrity, and availability, ultimately enabling remote code execution on the targeted system.

Advisories from Explorance and Mandiant provide mitigation guidance, including upgrading to Explorance Blue version 8.14.13 or later. Relevant resources include https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0004.md, https://online-help.explorance.com/blue/articles/security-advisories-(january-2026), https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57795, and https://www.explorance.com/products/blue.

Details

CWE(s)

Affected Products

explorance · blue · ≤ 8.14.13

CVEs Like This One

CVE-2025-57794 · Same product: Explorance Blue
CVE-2025-57792 · Same product: Explorance Blue
CVE-2025-57793 · Same product: Explorance Blue
CVE-2020-37117 · Shared CWE-434
CVE-2024-8958 · Shared CWE-434
CVE-2025-54440 · Shared CWE-434
CVE-2024-56828 · Shared CWE-434
CVE-2025-34299 · Shared CWE-434
CVE-2022-50936 · Shared CWE-434
CVE-2025-12673 · Shared CWE-434

References