External risk intelligence

Dongsheng Logistics Software allows attackers to take full control of your systems by uploading malicious files.

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2025-34163

An external attacker could run malicious code on servers running Dongsheng Logistics Software by uploading a crafted file. This could allow them to gain control of the system, potentially impacting sensitive logistics data and operations.

Halo Surface Signal: 3

Unrestricted File Upload

External exposure likelihood

Halo Surface Signal score for CVE-2025-34163

Dongsheng Logistics Software is a specialized enterprise application for logistics management. While it is web-based and has endpoints that can be reached over HTTP, these systems are primarily deployed internally or on private networks for supply chain operations. Public internet exposure is plausible for client-facing portals but is not the standard or guaranteed deployment pattern.

Horizon Alert

Summary of the vulnerability and why it matters

This critical vulnerability in Dongsheng Logistics Software allows attackers to upload and execute malicious files, potentially giving them full control over the server. Because it doesn't require authentication and can be reached from the internet, it's a significant risk for organizations using this software.

  • Remote code execution is possible.
  • Leads to server compromise.
  • Unauthenticated access is sufficient.

Attack Path

How an attacker could exploit the issue

An attacker can abuse this flaw by uploading a web shell via an unauthenticated endpoint. This allows for remote code execution on the server, granting the attacker control.

  • No authentication required.
  • Target: `/CommMng/Print/UploadMailFile`.
  • Upload executable scripts.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows unauthenticated remote code execution through arbitrary file uploads to an unpatched Dongsheng Logistics Software endpoint, presenting a significant risk to affected systems. The exploitation was first observed in late July 2025, and while the vendor has released a fix, widespread patching is likely incomplete given the deferred status and undefined affected version range. Attackers are likely to target this vulnerability due to its ease of exploitation and high impact, especially in organizations relying on this specific logistics software.

  • Exploitation observed in July 2025.
  • Remote code execution is possible.
  • Affects unpatched builds.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize identifying and blocking inbound traffic to the unauthenticated `/CommMng/Print/UploadMailFile` endpoint, as it allows remote code execution and exploitation has been observed. Given the critical severity and active exploitation, immediately investigate all deployed Dongsheng Logistics Software instances to determine if they are affected and consider taking them offline or isolating them until a patch or reliable mitigation can be applied.

  • Block access to the vulnerable endpoint.
  • Inventory all Dongsheng Logistics Software instances.
  • Upgrade to a patched version when available.
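For the detection step, the sketch below scans web-server access logs for POST requests to `/CommMng/Print/UploadMailFile` and groups them by source address. It is an added example, not code from this advisory or from the vendor; it assumes logs in combined log format and matches the path case-insensitively after percent-decoding, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory, lower-cased for comparison (case-insensitive
# matching is an assumption, chosen so that case variants are not missed).
ENDPOINT = "/commmng/print/uploadmailfile"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, percent-decode, collapse repeated slashes,
    strip a trailing slash and lower-case, so variants compare equal."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path.lower()

def find_upload_hits(lines):
    """Return {source_ip: [(time, status), ...]} for POSTs to the endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) == ENDPOINT:
            hits[m["ip"]].append((m["time"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:02:11 +0000] "POST /CommMng/Print/UploadMailFile HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:10:02:15 +0000] "POST /commmng//print/UploadMailFile?x=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.20 - - [01/Aug/2025:10:05:00 +0000] "POST /CommMng/Print/Upload%4DailFile HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.44 - - [01/Aug/2025:10:06:30 +0000] "GET /CommMng/Print/UploadMailFile HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.44 - - [01/Aug/2025:10:07:02 +0000] "POST /Login HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_upload_hits(SAMPLE_LOG).items():
        for when, status in events:
            # A status below 400 means the request was not rejected upstream.
            note = "NOT BLOCKED, investigate host" if status < 400 else "rejected"
            print(f"{ip} {when} status={status} {note}")
```

Any hit with a status below 400 on an unpatched instance warrants reviewing that host for files written around the logged timestamp.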

Frequently asked questions

What is Dongsheng Logistics Software used for?

Dongsheng Logistics Software is a specialized enterprise application designed to manage and monitor the movement of goods throughout a supply chain. This includes planning, executing, and overseeing transportation, warehousing, and delivery operations. It helps businesses organize shipments, optimize routes, manage fleets, and provides visibility into logistical processes.

What is the CVE-2025-34163 vulnerability?

CVE-2025-34163 is a critical vulnerability in Dongsheng Logistics Software that allows unauthenticated attackers to upload arbitrary files, including executable scripts, to the server. This can lead to remote code execution and full system compromise. The weakness class is identified as CWE-434: Unrestricted Upload of File with Dangerous Type.

What must an attacker do to exploit CVE-2025-34163?

An attacker needs to send a crafted multipart/form-data POST request to an unauthenticated endpoint, specifically `/CommMng/Print/UploadMailFile`. This endpoint fails to properly validate file types and enforce access controls, enabling the upload of malicious files.

Who should be concerned about CVE-2025-34163?

Organizations using Dongsheng Logistics Software should be concerned, especially if their instances are internet-facing. The Halo Surface Signal indicates this software is primarily deployed internally, but public internet exposure is plausible for client-facing portals, making it a potential external threat.

What are the first steps to respond to CVE-2025-34163?

The immediate steps include identifying and blocking inbound traffic to the vulnerable `/CommMng/Print/UploadMailFile` endpoint. It is crucial to inventory all deployed instances of Dongsheng Logistics Software to determine if they are affected and consider isolating them until a patch can be applied.
