CVE-2025-67260 in TKServerCGI
Summary
by MITRE • 03/20/2026
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
Analysis
by VulDB Data Team • 03/27/2026
The CVE-2025-67260 vulnerability represents a critical file upload flaw within the Terrapack software suite developed by ASTER TEC / ASTER S.p.A. This vulnerability affects multiple components including Terrapack TkWebCoreNG version 1.0.20200914, Terrapack TKServerCGI version 2.5.4.150, and Terrapack TpkWebGIS Client version 1.0.0. The vulnerability stems from insufficient validation of file uploads within the web interface, creating a pathway for malicious actors to bypass security controls and upload potentially harmful files to the target system. This issue falls under the CWE-434 category of Unrestricted Upload of File with Dangerous Type, which is classified as a high-risk vulnerability due to its potential for arbitrary code execution. The affected software components are part of a broader web-based infrastructure that handles geospatial data processing and web services, making the attack surface particularly significant for organizations relying on GIS applications.
The technical exploitation of this vulnerability occurs when an attacker uploads a malicious file through the web interface without proper validation checks. The flaw allows arbitrary code to be executed on the target system, potentially giving the attacker full control of the affected server or application. This type of vulnerability is particularly dangerous because it can be exploited remotely without requiring authentication, as the file upload functionality is typically exposed to unauthenticated users. The vulnerability is classified as a remote code execution threat under the MITRE ATT&CK framework, mapping to T1505.003 ("Server Software Component") and T1059.007 ("Command and Scripting Interpreter"). Attackers can use the flaw to deploy web shells, install backdoors, or execute payloads that persist across system reboots, making the compromise durable and difficult to detect.
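The upload-then-execute sequence described above leaves a recognisable trace in web server access logs: a POST to the upload handler followed shortly by a request from the same client for a file inside the upload location, often one with a server-executable extension. The following is an added example of that correlation written for this page; it is not Terrapack or VulDB code. The upload endpoint path `/cgi-bin/upload`, the upload directory `/uploads/`, the time window, and the sample log lines are all constructed assumptions, to be replaced with the real deployment's paths.

```python
"""Detect the upload-then-execute pattern in combined-format access logs.

Added example; not Terrapack or VulDB code. UPLOAD_ENDPOINTS, UPLOAD_DIR and
SAMPLE_LOG are constructed assumptions for illustration.
"""
import os
import re
from datetime import datetime, timedelta

UPLOAD_ENDPOINTS = ("/cgi-bin/upload",)   # assumed handler path
UPLOAD_DIR = "/uploads/"                  # assumed web-reachable upload location
EXEC_EXT = {".php", ".cgi", ".pl", ".py", ".sh", ".jsp", ".aspx", ".exe"}
WINDOW = timedelta(minutes=10)            # how long after an upload a fetch is correlated

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one client uploads and then requests a .cgi file under
# the upload directory; another uploads and views an image (benign).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "POST /cgi-bin/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Mar/2026:10:00:04 +0000] "GET /uploads/x.cgi HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Mar/2026:10:05:00 +0000] "POST /cgi-bin/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Mar/2026:10:05:02 +0000] "GET /uploads/map.png HTTP/1.1" 200 40321 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Mar/2026:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]   # drop the query string
    return rec


def find_alerts(lines):
    """Return alerts for two rules, in log order.

    high: any request for an executable-extension file under UPLOAD_DIR.
    low:  a successful upload POST followed within WINDOW by the same client
          fetching any file under UPLOAD_DIR (noisy on its own; for triage).
    """
    alerts = []
    last_upload = {}   # client ip -> timestamp of its last successful upload
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and path in UPLOAD_ENDPOINTS and rec["status"] < 400:
            last_upload[ip] = rec["ts"]
            continue
        if not path.startswith(UPLOAD_DIR):
            continue
        ext = os.path.splitext(path)[1].lower()
        if ext in EXEC_EXT:
            alerts.append({"rule": "executable-in-upload-dir", "severity": "high",
                           "ip": ip, "path": path, "ts": rec["ts"]})
        elif ip in last_upload and rec["ts"] - last_upload[ip] <= WINDOW and rec["status"] == 200:
            alerts.append({"rule": "upload-then-fetch", "severity": "low",
                           "ip": ip, "path": path, "ts": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG.splitlines()):
        print(a["severity"], a["rule"], a["ip"], a["path"])
```

The high-severity rule alone is enough to page on; the low-severity rule exists so that an analyst reviewing a high alert can see the preceding upload and any other files the same client touched. If the server serves uploads from a location that should never be executable, a hit on the high rule is also evidence of a web server misconfiguration, not only of an attack.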
The operational impact of this vulnerability extends beyond immediate code execution capabilities, as it can lead to complete system compromise and data exfiltration. Organizations using the affected Terrapack components face significant risk of unauthorized access to their geospatial databases, web services, and associated infrastructure. The vulnerability can result in service disruption, data loss, and potential regulatory compliance violations, especially for organizations in sectors requiring strict data protection measures such as government agencies, utilities, or defense contractors. The affected software components are commonly deployed in enterprise environments where GIS data processing and web-based mapping services are critical, making the potential impact on business operations substantial. Security teams must consider the possibility of lateral movement within the network once initial access is achieved, as attackers can use the compromised system as a foothold to explore and attack other connected systems.
Mitigation for CVE-2025-67260 should begin with immediate patching of all affected components to the latest versions available from ASTER TEC. Organizations should implement file upload validation that restricts file types, enforces strict content checking, and applies server-controlled file naming conventions so that uploaded payloads cannot be executed. Network segmentation and web application firewalls should be deployed to monitor and restrict access to the vulnerable endpoints. Applying the principle of least privilege to access controls, together with regular security audits of web applications, can help detect and prevent exploitation attempts. Organizations should also assess their wider software stack for other flaws of the same nature. Security monitoring should cover unusual file upload activity and anomalous behaviour patterns that could indicate exploitation: because exploiting this vulnerability typically involves uploading and then executing malicious files through the web interface, it creates detectable network traffic patterns and system artifacts.
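The validation measures listed above (type restriction, content checking, server-chosen names) are what separates a CWE-434 upload handler from a safe one. The following is an added example of a hardened upload path written for this page; it is not Terrapack code and does not reflect how TKServerCGI handles uploads. The allow-listed types, the size cap, the `handle`/`validate_upload`/`store_upload` function names and the temporary upload directory are all assumptions chosen for illustration.

```python
"""Allow-list file-upload validation with server-controlled storage.

Added example for the CWE-434 mitigations on the page; not Terrapack code.
ALLOWED_TYPES, MAX_BYTES and the upload directory are assumptions.
"""
import os
import re
import secrets
import tempfile

# Allow-list: final extension -> accepted leading ("magic") bytes.
# Constructed for this example; a deployment lists only the kinds it needs.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "zip": (b"PK\x03\x04",),
}
MAX_BYTES = 10 * 1024 * 1024   # assumed size cap
# One base name, exactly one extension: rejects "shell.php.png"-style names.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.([A-Za-z0-9]{1,8})$")


class UploadRejected(ValueError):
    """Carries a short reason code for logging; it is not echoed to the client."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return the normalised extension of an acceptable upload, else raise."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("size")
    # Path separators or NUL in a client-supplied name are never legitimate.
    if any(ch in filename for ch in ("/", "\\", "\x00")):
        raise UploadRejected("path-characters")
    m = SAFE_NAME.match(filename)
    if m is None:
        raise UploadRejected("name")
    ext = m.group(1).lower()
    magics = ALLOWED_TYPES.get(ext)
    if magics is None:
        raise UploadRejected("extension")
    if not any(data.startswith(sig) for sig in magics):
        raise UploadRejected("content")   # declared type does not match the bytes
    return ext


def store_upload(data: bytes, ext: str, upload_dir: str) -> str:
    """Write data under a random server-chosen name; return that name."""
    name = f"{secrets.token_hex(16)}.{ext}"
    path = os.path.join(upload_dir, name)
    # O_EXCL: never overwrite an existing file; 0o640: not executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return name


def handle(filename: str, data: bytes, upload_dir: str) -> dict:
    """Validate, then store; the client-supplied name is never used on disk."""
    try:
        ext = validate_upload(filename, data)
    except UploadRejected as exc:
        return {"accepted": False, "reason": str(exc)}
    return {"accepted": True, "stored_as": store_upload(data, ext, upload_dir)}


def demo() -> list:
    """Run constructed uploads through the handler and return the decisions."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    cases = [
        ("map.png", png),                         # legitimate
        ("shell.php", b"<?php echo 1; ?>"),       # disallowed extension
        ("shell.php.png", png),                   # double extension
        ("notes.png", b"#!/bin/sh\necho hi\n"),   # extension/content mismatch
        ("../../cgi-bin/x.png", png),             # traversal characters
    ]
    with tempfile.TemporaryDirectory() as upload_dir:   # assumed storage location
        return [handle(name, body, upload_dir) for name, body in cases]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The upload directory should sit outside the web root, or be served with script execution disabled, so that even an accepted file is only ever read back as data; the random name removes any influence the client has over where and under what name content lands. Magic-byte checks are a cheap sanity test rather than a full parser, so for formats the application actually processes (a zipped shapefile, for instance) the real parser should run on the stored copy before the file is used.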