SmartBI Unrestricted File Upload via RMIServlet Arbitrary Code Execution
CVE-2023-7305 Published on October 15, 2025
SmartBI RMIServlet Unrestricted File Upload RCE
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code on the host. The vendor released a fix in July 2023 to address the underlying flaw. VulnCheck has observed this vulnerability being exploited in the wild.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2023-7305 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Affected Versions
Guangzhou Smart Software Co., Ltd. SmartBI:- Version V8 and below July 2023 update is affected.
- Version V9 and below July 2023 update is affected.
- Version V10 and below July 2023 update is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.