Medium severity6.4NVD Advisory· Published May 5, 2025· Updated Jun 17, 2026
CVE-2025-28168
CVE-2025-28168
Description
The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.1.0
- Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.