Vendor
A critical remote code execution (RCE) vulnerability, CVE-2025-58048, in Paymenter's ticket attachments functionality allows an authenticated, low-privileged user to upload arbitrary files, leading to full compromise of the application and underlying server, enabling attackers to extract sensitive data, read credentials, and execute arbitrary system commands.