What is CVE-2018-25409?

CVE-2018-25409 is a high-severity vulnerability in Simpkh Sim-pkh, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2026-05-30.

How severe is CVE-2018-25409?

High severity. CVSS v3 base score is 8.8 out of 10.

Arbitrary file upload in Simpkh Sim-pkh

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksi_pengurus.php endp…

Vulnerability class: Unrestricted File Upload

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Simpkh Sim-pkh — versions 2.4.1

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2018-25409?: CVE-2018-25409 is a high-severity vulnerability in Simpkh Sim-pkh, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2026-05-30.
How severe is CVE-2018-25409?: High severity. CVSS v3 base score is 8.8 out of 10.