CVE-2025-66837: Malicious File Upload

Q: What is the severity of CVE-2025-66837?

CVE-2025-66837 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.

Q: How do I fix CVE-2025-66837?

To address CVE-2025-66837, ensure that you update ARIS to the latest version available from Software AG.

Q: What kind of attack is possible using CVE-2025-66837?

CVE-2025-66837 allows attackers to execute arbitrary code by uploading a specially crafted PDF file.

Q: Which versions of ARIS are affected by CVE-2025-66837?

CVE-2025-66837 affects ARIS version 10.0.23.0.3587512 and possibly earlier versions.

Q: How can attackers exploit CVE-2025-66837?

Attackers can exploit CVE-2025-66837 by uploading malicious PDF files to the vulnerable ARIS application.

Published Jan 7, 2026

Updated

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware

Affected Software

2 affected components

Software AG Aris

Softwareag Aris<=10.0.23.0.3587512

Event History

Jan 7, 2026

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Data Sourced

via NVD·05:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-66837?

CVE-2025-66837 is classified as a critical vulnerability due to its potential to allow arbitrary code execution.

How do I fix CVE-2025-66837?

To address CVE-2025-66837, ensure that you update ARIS to the latest version available from Software AG.

What kind of attack is possible using CVE-2025-66837?

CVE-2025-66837 allows attackers to execute arbitrary code by uploading a specially crafted PDF file.

Which versions of ARIS are affected by CVE-2025-66837?

CVE-2025-66837 affects ARIS version 10.0.23.0.3587512 and possibly earlier versions.

How can attackers exploit CVE-2025-66837?