VYPR
Critical severity9.1NVD Advisory· Published Aug 15, 2025· Updated Apr 15, 2026

CVE-2025-9060

CVE-2025-9060

Description

A vulnerability has been found in the  MSoft MFlash

application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash

administrators. The vulnerability is related to insufficient validation of parameters when setting up security components.

This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • MSoft/MFlashllm-create
    Range: <8.2-653 hotfix 11.06.2025

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.