CVE-2025-57795

Critical

Published: 28 January 2026

Modified: 05 February 2026
KEV Added:
Patch:
CVSS Score v3.1: 9.9 · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.0054 · 41.1th percentile
Risk Priority: 70 · floored blend · peak EPSS

Summary

CVE-2025-57795 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Explorance Blue. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 41.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-57795 is an authenticated remote file download vulnerability in a web service component of Explorance Blue versions prior to 8.14.13. Published on 2026-01-28, this flaw allows authenticated attackers to download arbitrary files and, in default configurations, can be leveraged to achieve remote code execution. It carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and maps to CWE-434 (Unrestricted Upload of File with Dangerous Type).

Attackers with low-privilege authenticated access can exploit the vulnerability remotely over the network with low complexity and no user interaction. The vector marks the scope as changed (S:C), with high impact on confidentiality, integrity, and availability, ultimately enabling remote code execution on the targeted system.

Advisories from Explorance and Mandiant provide mitigation guidance, including upgrading to Explorance Blue version 8.14.13 or later. Relevant resources include https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2026/MNDT-2026-0004.md, https://online-help.explorance.com/blue/articles/security-advisories-(january-2026), https://online-help.explorance.com/blue/articles/security-advisory:-cve-2025-57795, and https://www.explorance.com/products/blue.

Vulnerability details

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application · Tactic: Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System · Tactic: Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

An authenticated remote arbitrary file download in a web service exploits a public-facing application (T1190) and enables collection of data from local system files (T1005), with potential for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-57794 · Same product: Explorance Blue
CVE-2025-57792 · Same product: Explorance Blue
CVE-2025-57793 · Same product: Explorance Blue
CVE-2024-8958 · Shared CWE-434
CVE-2020-37117 · Shared CWE-434
CVE-2025-12352 · Shared CWE-434
CVE-2026-1730 · Shared CWE-434
CVE-2025-13067 · Shared CWE-434
CVE-2025-54449 · Shared CWE-434
CVE-2025-1070 · Shared CWE-434

Affected Assets

explorance · blue · ≤ 8.14.13

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely identification, reporting, and correction of flaws through patching to Explorance Blue version 8.14.13 or later as advised by the vendor.

prevent

Validates inputs to the vulnerable web service to block arbitrary file path specifications that enable unauthorized remote file downloads and subsequent RCE.

prevent

Enforces approved authorizations to prevent low-privilege authenticated users from accessing and downloading arbitrary files via the web service component.
