Vulnerabilities > CVE-2025-0473 - Incomplete Cleanup vulnerability in Sigb PMB

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sigb

CWE-459

NVD

Published: 2025-01-16

Updated: 2025-05-07

Summary

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.

Vulnerable Configurations

Part	Description	Count
Application	Sigb Sigb PMB 4.0.10 Sigb PMB 4.0.11 Sigb PMB 4.0.12 Sigb PMB 4.0.13 Sigb PMB 4.1.2 Sigb PMB 4.1.3 Sigb PMB 4.1.4 Sigb PMB 4.1.5 Sigb PMB 4.1.6 Sigb PMB 4.1.7 Sigb PMB 4.1.8 Sigb PMB 4.1.9 Sigb PMB 4.2.1 Sigb PMB 4.2.2 Sigb PMB 4.2.3 Sigb PMB 4.2.4 Sigb PMB 4.2.6 Sigb PMB 4.2.7 Sigb PMB 4.2.8 Sigb PMB 4.2.9 Sigb PMB 4.2.10 Sigb PMB 4.2.11 Sigb PMB 4.2.12 Sigb PMB 4.2.13 Sigb PMB 4.2.14 Sigb PMB 5.0 Sigb PMB 5.0.1 Sigb PMB 5.0.2 Sigb PMB 5.0.3 Sigb PMB 5.0.4 Sigb PMB 5.0.5 Sigb PMB 5.0.6 Sigb PMB 5.0.7 Sigb PMB 5.0.9 Sigb PMB 5.0.10 Sigb PMB 5.0.11 Sigb PMB 5.0.12 Sigb PMB 7.0 Sigb PMB 7.3 Sigb PMB 7.3.1 Sigb PMB 7.3.2 Sigb PMB 7.3.3 Sigb PMB 7.3.4 Sigb PMB 7.3.6 Sigb PMB 7.3.7 Sigb PMB 7.3.9 Sigb PMB 7.3.10 Sigb PMB 7.3.11 Sigb PMB 7.3.13 Sigb PMB 7.3.14 Sigb PMB 7.3.15 Sigb PMB 7.3.16 Sigb PMB 7.3.17 Sigb PMB 7.3.18 Sigb PMB 7.4 Sigb PMB 7.4.1 Sigb PMB 7.4.3 Sigb PMB 7.4.4 Sigb PMB 7.4.5 Sigb PMB 7.4.6 Sigb PMB 7.4.7 Sigb PMB 7.4.8 Sigb PMB 7.4.9 Sigb PMB 7.5.1 Sigb PMB 7.5.2 Sigb PMB 7.5.3 Sigb PMB 7.5.4 Sigb PMB 7.5.5 Sigb PMB 7.5.6-2 Sigb PMB 7.5.7 Sigb PMB 7.5.8 Sigb PMB 8.0.0 Sigb PMB 8.0.1.0 Sigb PMB 8.0.1.1 Sigb PMB 8.0.1.2 Sigb PMB 8.0.1.3	78

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform