A critical vulnerability has been identified in the RomanCode MapSVG software, which allows an unauthenticated attacker to upload a malicious file, known as a web shell, to the web server. Successful exploitation could lead to a complete compromise of the affected server, enabling the attacker to steal data, disrupt services, or use the server for further malicious activities. Due to the high severity (CVSS 9.9), immediate remediation is required to prevent potential system takeover.

The vulnerability is an "Unrestricted Upload of File with Dangerous Type." The MapSVG software fails to adequately validate the type of files being uploaded to the server. An attacker can exploit this flaw by crafting a malicious, executable script (e.g., a PHP, ASP, or JSP file) and uploading it to a location accessible from the web. By subsequently navigating to the URL of the uploaded file, the attacker can execute arbitrary code on the server with the permissions of the web server process, leading to a full system compromise.

This vulnerability is rated as critical severity with a CVSS score of 9.9. A successful exploit would grant an attacker complete control over the web server hosting the MapSVG software. The business impact includes, but is not limited to, the theft or exfiltration of sensitive company or customer data, unauthorized modification of website content, complete service disruption, and reputational damage. The compromised server could also be used as a pivot point to launch further attacks against the internal network or be leveraged in botnets for malicious campaigns.

Immediate Action: Immediately update all instances of the RomanCode MapSVG software to a version later than 8.7.3, as recommended by the vendor. After patching, it is crucial to monitor for any signs of post-exploitation activity and thoroughly review web server access logs for suspicious file uploads or access attempts that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected web servers. Security teams should look for suspicious file uploads to directories used by MapSVG, particularly files with executable extensions (e.g., .php, .phtml, .aspx, .jsp). Monitor for unusual outbound network traffic from the web server, unexpected processes running under the web server's user account, and review web access logs for requests to non-standard files in upload directories.

Compensating Controls: If patching cannot be performed immediately, consider the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rules to inspect and block the upload of executable file types.
• If feasible, disable the file upload functionality within MapSVG until the patch can be applied.
• Configure the web server to disallow script execution within the file upload directory (e.g., via an .htaccess file or web.config).
• Implement file integrity monitoring to alert on the creation of new, unauthorized files in the web root.

Public Exploit Available: False

Given the critical CVSS score of 9.9, this vulnerability represents a significant and immediate threat to the organization. The recommended course of action is to patch all affected instances of RomanCode MapSVG without delay. Although this CVE is not currently on the CISA KEV (Known Exploited Vulnerabilities) list, its high severity makes it a prime target for opportunistic and targeted attacks. Organizations should prioritize this update and conduct a threat hunt to ensure their systems have not already been compromised.