CVE-2025-26350
📋 TL;DR
This vulnerability allows an authenticated remote attacker to upload arbitrary files to Q-Free MaxTime through the template file upload function, because the uploaded file type is not properly validated. Depending on where the file lands and how it is later handled, this can lead to arbitrary code execution or other system compromise. All deployments running Q-Free MaxTime version 2.11.0 or earlier are affected.
💻 Affected Systems
- Q-Free MaxTime
📦 What is this software?
MaxTime by Q-Free: traffic signal controller software with a web-based administration interface, which is where the template upload function lives.
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment
Likely Case
File upload leading to web shell installation, data exfiltration, or lateral movement within the network
If Mitigated
Limited impact with proper file type validation and authentication controls in place
🎯 Exploit Status
Exploitation requires authenticated access; vulnerability details are publicly disclosed
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.11.1 or later
Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26350
Restart Required: Yes
Instructions:
1. Contact Q-Free for updated version 2.11.1 or later.
2. Back up the current configuration.
3. Install the updated version.
4. Restart the MaxTime service.
5. Verify functionality.
🔧 Temporary Workarounds
Restrict file upload types
Implement server-side validation that accepts only an explicit allowlist of safe extensions for template uploads; check the extension case-insensitively and reject names with more than one dot (e.g. shell.php.xml), since denylists are routinely bypassed this way.
As a second layer, configure the web server to refuse uploads of .php, .asp, .aspx, .jsp, .exe, .bat, .sh and other executable or script file types, and never serve the upload directory with script execution enabled.
Implement file upload quarantine
Upload files into an isolated quarantine directory with strict permissions and scan them before anything processes them.
Store uploads with the execute bit cleared (e.g. mode 0600, on a noexec mount where possible) under a server-generated name rather than the user-supplied filename, so an uploaded file cannot be executed or reached by a predictable URL.
Run antivirus scanning on uploaded files before they are moved out of quarantine.
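The two workarounds above (allowlist validation and quarantine) can be implemented together in a small server-side gate. The following is an added example written for this page, not code from Q-Free or from the Nozomi advisory; the allowed extensions, the size limit and the forbidden content markers are assumptions for illustration, because the page does not state what format MaxTime templates use.

```python
import hashlib
import os
import re

# Assumption: the page does not say what a MaxTime template looks like, so this
# allowlist is illustrative. The point is that it is an allowlist, not a denylist.
ALLOWED_EXTENSIONS = {".xml", ".json", ".txt"}
MAX_SIZE = 1 * 1024 * 1024  # 1 MiB, an assumed sane upper bound for a template

# Stem may contain only [A-Za-z0-9_-] and must not contain a dot, so
# "shell.php.xml", ".htaccess" and "plan.xml%00.php" are all rejected outright.
SAFE_STEM = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")

# Content that should never appear in a template: native executable, script
# interpreter or archive headers, and server-side script tags.
FORBIDDEN_MAGIC = (b"MZ", b"\x7fELF", b"#!", b"PK\x03\x04")
FORBIDDEN_MARKERS = (b"<?php", b"<%", b"<jsp:", b"<script")


def validate_template_upload(filename, data):
    """Return (accepted, reason). Validation is done on the server side only."""
    # Keep only the basename so "../../etc/plan.xml" cannot leave the quarantine dir.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()  # compare case-insensitively: "SHELL.PHP" is still .php
    if not SAFE_STEM.match(stem):
        return False, "filename outside safe character set or has extra dots"
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension %s not allowlisted" % (ext or "(none)")
    if not data or len(data) > MAX_SIZE:
        return False, "empty or oversized upload"
    if data.startswith(FORBIDDEN_MAGIC):
        return False, "executable or archive header"
    lowered = data.lower()
    if any(marker in lowered for marker in FORBIDDEN_MARKERS):
        return False, "server-side script marker in content"
    return True, "ok"


def quarantine_upload(filename, data, quarantine_dir):
    """Validate, then write to quarantine under a content-hash name with mode 0600.

    Returns (stored_path_or_None, reason). Nothing should process the file until a
    separate scanning step moves it out of quarantine_dir.
    """
    accepted, reason = validate_template_upload(filename, data)
    if not accepted:
        return None, reason
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    ext = os.path.splitext(filename)[1].lower()
    # Server-generated name: the attacker does not choose where or as what it lands.
    dest = os.path.join(quarantine_dir, hashlib.sha256(data).hexdigest() + ext)
    try:
        # O_EXCL refuses to overwrite; 0o600 means no execute bit and owner-only access.
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return dest, "identical content already quarantined"
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest, "quarantined"


if __name__ == "__main__":
    # Constructed sample uploads, not real MaxTime traffic.
    for name, body in [("signal_plan.xml", b"<plan/>"),
                       ("shell.php", b"<?php system($_GET['c']); ?>"),
                       ("shell.php.xml", b"<?php echo 1; ?>"),
                       ("tool.exe", b"MZ\x90\x00")]:
        print(name, validate_template_upload(name, body))
```

The content check is deliberately a backstop, not the primary control: the allowlist and the single-extension rule do most of the work, and storing the file under a hash name with no execute bit limits what an upload that slips through can do until the scanning step runs.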
🧯 If You Can't Patch
- Disable template upload functionality entirely if not required
- Implement network segmentation to isolate MaxTime systems from critical assets
🔍 How to Verify
Check if Vulnerable:
Check MaxTime version in administration interface; if version is 2.11.0 or earlier, system is vulnerable
Check Version:
Check MaxTime web interface → Administration → System Information
Verify Fix Applied:
Confirm the version shows 2.11.1 or later, then, in a test environment, attempt to upload a benign file with a disallowed extension (for example a text file renamed to .php) through the template upload function and confirm it is rejected
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to template directories
- Uploads of executable file types (.php, .exe, etc.)
- Multiple failed upload attempts
Network Indicators:
- HTTP POST requests to template upload endpoints with unusual file extensions
- Bursts of upload POSTs from one source or session, or a POST to an upload endpoint followed shortly by a GET for a new path under the upload or template directory, which is the pattern of a web shell being dropped and then called
SIEM Query:
source="maxtime" AND (url="*upload*" OR url="*template*") AND (file_ext="php" OR file_ext="exe" OR file_ext="bat" OR file_ext="sh")
Field names here are illustrative and depend on how the MaxTime web logs are ingested; matching on a single trailing extension misses double extensions (shell.php.xml) and mixed case, so match every extension segment of the filename case-insensitively where the log source allows.
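The log and network indicators above can be turned into two concrete rules: an executable or script extension anywhere in the uploaded filename, and repeated failed uploads from one source within a short window. The following is an added example for this page, not a detection shipped by Q-Free, Nozomi Networks or any SIEM vendor; the JSON log format, its field names (ts, src_ip, user, method, url, file_name, status) and the sample events are all constructed for illustration, since the page does not document MaxTime's actual log format.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions that should never appear in a template upload; extended beyond the
# page's .php/.exe/.bat/.sh list with other common server-side script types.
SUSPICIOUS_EXTS = {"php", "phtml", "asp", "aspx", "jsp", "jspx", "exe", "bat",
                   "sh", "cgi", "pl", "py"}
UPLOAD_PATH_MARKERS = ("upload", "template")
FAILURE_THRESHOLD = 3           # failed uploads from one source ...
FAILURE_WINDOW = timedelta(minutes=5)  # ... within this window trigger an alert


def is_upload_request(event):
    """POST to anything that looks like the template upload endpoint."""
    url = event.get("url", "").lower()
    return event.get("method") == "POST" and any(m in url for m in UPLOAD_PATH_MARKERS)


def suspicious_extensions(file_name):
    """Every dot-separated segment after the first, lower-cased, intersected with
    the suspicious set, so 'shell.php.xml' and 'SHELL.PhTml' both match."""
    segments = file_name.lower().split(".")[1:]
    return sorted(set(segments) & SUSPICIOUS_EXTS)


def analyze(log_lines):
    """Run both rules over JSON-lines events and return a list of findings."""
    findings = []
    failures = defaultdict(list)  # src_ip -> timestamps of failed uploads
    for line in log_lines:
        ev = json.loads(line)
        if not is_upload_request(ev):
            continue
        ts = datetime.fromisoformat(ev["ts"])
        exts = suspicious_extensions(ev.get("file_name", ""))
        if exts:
            findings.append({"rule": "executable_extension", "ts": ev["ts"],
                             "src_ip": ev["src_ip"], "user": ev.get("user"),
                             "file_name": ev.get("file_name"), "matched": exts})
        if ev.get("status", 0) >= 400:
            bucket = failures[ev["src_ip"]]
            bucket.append(ts)
            # Sliding window: forget failures older than FAILURE_WINDOW.
            bucket[:] = [t for t in bucket if ts - t <= FAILURE_WINDOW]
            if len(bucket) == FAILURE_THRESHOLD:  # fire once when the threshold is hit
                findings.append({"rule": "repeated_failed_uploads", "ts": ev["ts"],
                                 "src_ip": ev["src_ip"], "user": ev.get("user"),
                                 "count": len(bucket)})
    return findings


# Constructed sample events (not real MaxTime logs). alice uploads a normal
# template; bob tries several script payloads, one of which is accepted.
SAMPLE_LOG = [
    '{"ts":"2025-06-01T10:00:00","src_ip":"10.0.0.5","user":"alice","method":"POST","url":"/admin/templates/upload","file_name":"plan_a.xml","status":200}',
    '{"ts":"2025-06-01T10:01:00","src_ip":"10.0.0.9","user":"bob","method":"POST","url":"/admin/templates/upload","file_name":"shell.php","status":403}',
    '{"ts":"2025-06-01T10:01:10","src_ip":"10.0.0.9","user":"bob","method":"POST","url":"/admin/templates/upload","file_name":"shell.php.xml","status":403}',
    '{"ts":"2025-06-01T10:01:20","src_ip":"10.0.0.9","user":"bob","method":"POST","url":"/admin/templates/upload","file_name":"SHELL.PhTml","status":200}',
    '{"ts":"2025-06-01T10:01:30","src_ip":"10.0.0.9","user":"bob","method":"POST","url":"/admin/templates/upload","file_name":"cmd.asp","status":403}',
    '{"ts":"2025-06-01T10:02:00","src_ip":"10.0.0.5","user":"alice","method":"GET","url":"/admin/templates/upload","status":200}',
    '{"ts":"2025-06-01T10:30:00","src_ip":"10.0.0.9","user":"bob","method":"POST","url":"/admin/settings","status":500}',
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The accepted SHELL.PhTml event (status 200) is the one an operator should chase first: a 403 shows the control held, a 200 on a script extension means the file is now on the controller and the quarantine directory should be inspected.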