Back

Security advisory: CVE-2025-57794

Published: 2026-01-28

Summary

A third-party security advisory identified a vulnerability related to file upload handling in the administrative interface affecting certain versions of Explorance Blue. Explorance assessed the issue, implemented corrective measures, and resolved the issue. There is no evidence that this issue has been exploited in the wild.

Affected versions

Explorance Blue versions prior to 8.14.9. Versions 8.14.9 and later are not affected.

Deployment applicability

  • Explorance-hosted (SaaS): No customer action required.
  • Self-hosted: Affected if running a vulnerable version.

Impact

If exploited, this issue could have allowed unintended access or behavior within the application. This could have allowed execution of unauthorized code by an authenticated user. No customer data compromise has been identified.

Resolution

The issue has been resolved in Explorance Blue version 8.14.9. File type validation and upload handling restrictions were strengthened.

Customer action

  • SaaS customers: No action required.
  • Self-hosted customers: Upgrade to Explorance Blue version 8.14.9 or later.

Timeline

  • Issue reported: 2025-04-28
  • Patch released: 2025-05-06

References

Third-party CVE publication: https://www.cve.org/CVERecord?id=CVE-2025-57794

Support

Customers with questions or concerns should contact support@explorance.com.

Acknowledgment

Explorance thanks Abdulrahman Nour of Mandiant (Google Cloud) for responsibly reporting this vulnerability.

Copyright © 2026

Explorance Inc. All rights reserved.