CVE-2025-5178

6.3 MEDIUM

📋 TL;DR

This vulnerability (rated 6.3 MEDIUM) in Realce Tecnologia Queue Ticket Kiosk allows remote, unauthenticated attackers to upload arbitrary files without restriction via the /adm/ajax.php endpoint. Because the admin interface is a PHP application, an uploaded file with a server-executable extension can then be requested back as a webshell, giving remote code execution and full system compromise. All installations of Queue Ticket Kiosk up to and including version 20250517 are affected.

💻 Affected Systems

Products:
  • Realce Tecnologia Queue Ticket Kiosk
Versions: Up to and including 20250517
Operating Systems: Any OS running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable component enabled are affected; no special configuration required

📦 What is this software?

Queue Ticket Kiosk, by Realce Tecnologia, is kiosk software for issuing queue tickets. The vulnerable component is its web administration interface under /adm/, a PHP application whose ajax.php handler accepts the file upload.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system takeover, data theft, or ransomware deployment

🟠

Likely Case

Webshell upload enabling persistent backdoor access and lateral movement within the network

🟢

If Mitigated

File upload blocked, preventing exploitation but potentially disrupting legitimate functionality

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but attack surface is reduced

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple file upload manipulation with no authentication required makes exploitation trivial

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Block access to vulnerable endpoint

Applies to: all

Restrict access to /adm/ajax.php via web server configuration or firewall rules. Denying the endpoint outright also disables whatever admin-panel functions are routed through it; if the panel must stay usable, replace the deny with an allow-list of management addresses (Apache "Require ip", Nginx "allow ...; deny all;") instead of blocking everyone.

Apache (httpd.conf or the site's VirtualHost):

  <Location "/adm/ajax.php">
      Require all denied
  </Location>

Nginx (inside the server block). The ^~ modifier matters: without it the usual "location ~ \.php$" PHP handler, being a regex location, takes precedence over a plain prefix location and the deny never applies:

  location ^~ /adm/ajax.php {
      deny all;
  }

File upload restrictions

Applies to: all

Enforce an allow-list of permitted extensions and MIME types (never a deny-list of known-bad ones), apply size limits, rename uploaded files server-side, and store them outside the web root or in a directory where PHP execution is disabled. This requires changing the application or fronting it with a WAF, since no vendor fix exists.

🧯 If You Can't Patch

  • Isolate the Queue Ticket Kiosk system in a restricted network segment
  • Implement web application firewall (WAF) rules to block malicious file upload patterns

🔍 How to Verify

Check if Vulnerable:

Confirm that /adm/ajax.php is present and reachable without authentication. On a test instance only, check whether it stores a harmless text file without validating type or extension; do not upload executable content to a production kiosk.

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Verify that file uploads to /adm/ajax.php are properly restricted or blocked
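A small probe for the "Verify Fix Applied" step above, added here as an example (it is not part of the original advisory or of the vendor's software). It POSTs a harmless text file to /adm/ajax.php and interprets the HTTP status: a 401/403 means the web-server block is in place. The upload field name is not documented, so the assumed name "file" is used; a 2xx response only shows the endpoint is reachable, not that the application accepted the file.

```python
"""Probe whether POST requests to /adm/ajax.php are blocked at the web server.

Added example, not vendor code. Assumptions: the kiosk is served at the base
URL passed to probe_status(); the upload field name is unknown, so a harmless
text file is sent under the assumed field name "file".
"""
import urllib.error
import urllib.request
import uuid

ENDPOINT = "/adm/ajax.php"


def build_multipart(field: str, filename: str, content: bytes) -> tuple[bytes, str]:
    """Build a minimal multipart/form-data body carrying one file part."""
    boundary = "----probe" + uuid.uuid4().hex
    body = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n\r\n"
    ).encode() + content + f"\r\n--{boundary}--\r\n".encode()
    return body, f"multipart/form-data; boundary={boundary}"


def probe_status(base_url: str, timeout: float = 10.0) -> int:
    """POST a harmless text file to the endpoint and return the HTTP status code.

    Connection-level failures (URLError) are left to propagate to the caller.
    """
    body, ctype = build_multipart("file", "probe.txt", b"cve-2025-5178 mitigation check\n")
    req = urllib.request.Request(
        base_url.rstrip("/") + ENDPOINT,
        data=body,
        method="POST",
        headers={"Content-Type": ctype},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def interpret(status: int) -> str:
    """Map the status code to a verdict on the web-server access-control workaround."""
    if status in (401, 403):
        return "blocked: web server denies access to /adm/ajax.php"
    if status == 404:
        return "absent: endpoint not found (check the path or the installed version)"
    if 200 <= status < 300:
        return "reachable: endpoint accepted the POST; the web-server block is NOT in place"
    return f"inconclusive: HTTP {status}; inspect the response manually"


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "http://kiosk.example.test"  # assumed host
    print(interpret(probe_status(target)))
```

Run it as "python probe.py http://kiosk-host" after applying the Apache or Nginx deny rule; the expected verdict is "blocked". A "reachable" verdict means the deny rule is not taking effect (on Nginx, usually because a regex .php location outranks the prefix location).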

📡 Detection & Monitoring

Log Indicators:

  • Multiple file upload attempts to /adm/ajax.php
  • Uploaded files with server-executable extensions (e.g., .php, .phtml, .phar, or double extensions such as .php.jpg) arriving via POST requests
  • Large or suspicious files in upload directories

Network Indicators:

  • POST requests to /adm/ajax.php with file upload parameters
  • Unusual outbound connections from the kiosk system

SIEM Query:

source="web_logs" AND uri="/adm/ajax.php" AND method="POST" AND (file_extension="php" OR file_extension="phtml" OR file_extension="phar" OR file_extension="exe")

A standard Apache/Nginx access log does not record the name of an uploaded file, so the file_extension field is only available when the logs come from a WAF or ModSecurity audit log or from application-level upload logging. Where only access logs exist, alert on every POST to /adm/ajax.php (legitimate admin traffic should be rare and come from known addresses) and on any request for a .php/.phtml/.phar resource under the upload directory, which is the attacker invoking what was uploaded.
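The access-log fallback described above, as an added example run over constructed sample lines (this is not code from the original advisory or from the vendor). It assumes combined-format Apache/Nginx logs; the upload directory paths in UPLOAD_DIRS are an assumption, since the advisory does not name them, and must be set to wherever the kiosk actually stores uploads.

```python
"""Flag the two access-log indicators for CVE-2025-5178 over sample log lines.

Added example, not vendor code. Assumes combined-format access logs; the
upload directories in UPLOAD_DIRS are assumed and must match the real install.
"""
import re
from collections import defaultdict

UPLOAD_ENDPOINT = "/adm/ajax.php"
UPLOAD_DIRS = ("/adm/uploads/", "/uploads/")  # assumed; adjust to the real install
# Extensions a PHP-served host will execute (the kiosk admin UI is PHP).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)(\?|/|$)", re.IGNORECASE)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: one source posts twice to the endpoint, then requests a
# .php file from the upload directory (the webshell second stage); a second
# source only fetches an image and must not be flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [17/May/2025:10:01:02 +0000] "GET /adm/ HTTP/1.1" 200 3212
203.0.113.7 - - [17/May/2025:10:01:09 +0000] "POST /adm/ajax.php HTTP/1.1" 200 48
203.0.113.7 - - [17/May/2025:10:01:10 +0000] "POST /adm/ajax.php HTTP/1.1" 200 48
203.0.113.7 - - [17/May/2025:10:01:15 +0000] "GET /adm/uploads/shell.php?cmd=id HTTP/1.1" 200 120
198.51.100.4 - - [17/May/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.4 - - [17/May/2025:10:05:03 +0000] "GET /adm/uploads/logo.png HTTP/1.1" 200 8812
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text, post_threshold=2):
    """Return (kind, source_ip, detail) findings for the two indicators.

    "executable-in-upload-dir": a request for a server-executable file under an
    upload directory, i.e. someone invoking what was uploaded.
    "repeated-upload-posts": post_threshold or more POSTs to the endpoint from
    one source address.
    """
    findings = []
    posts_by_ip = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path_no_query = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path_no_query == UPLOAD_ENDPOINT:
            posts_by_ip[rec["ip"]] += 1
        if path_no_query.startswith(UPLOAD_DIRS) and EXEC_EXT.search(rec["path"]):
            findings.append(("executable-in-upload-dir", rec["ip"], rec["path"]))
    for ip, n in posts_by_ip.items():
        if n >= post_threshold:
            findings.append(("repeated-upload-posts", ip, f"{n} POSTs to {UPLOAD_ENDPOINT}"))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG):
        print(f"{kind:26} {ip:15} {detail}")
```

The endpoint-POST indicator will also fire on legitimate administrator use, so tune post_threshold and correlate the source address with known admin workstations; the executable-in-upload-dir indicator should never fire on a healthy install and is the higher-confidence signal.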
