DocAve, Compliance Guardian, and Perimeter Security Notice

DocAve, Compliance Guardian, and Perimeter Security Notice

Published: 7/14/2025

Version: 1.2

Executive Summary

AvePoint is releasing this security advisory to inform customers that we have identified a High vulnerability in our DocAve, Compliance Guardian, and Perimeter solutions. The issue can be addressed by upgrading to the latest version of DocAve, Perimeter, and installing a hotfix for Compliance Guardian using the links below.

Advisory Details

AvePoint has identified a vulnerability in DocAve 6.13.2, Perimeter 1.12.3 and Compliance Guardian 4.7.1 and earlier, which could allow an authenticated administrator to upload and execute arbitrary files to the server’s webroot. The risk CVSS 3.1 score for the vulnerability is High, 8.3 (if the DocAve/Perimeter/Compliance Guardian service is exposed to the internet, it should be treated as Critical). The vulnerability can be addressed via a patch, upgrade to the latest version of the software as described in this article below.

Suggested Actions

Customers running DocAve, Compliance Guardian, and Perimeter versions that are affected are highly recommended to take one of the following steps as soon as possible to mitigate the risk:

Mitigation Option: Perform Application Upgrade / Hotfix

Upgrade to the latest version of DocAve (6.13.3). The links can be found below:

Upgrade to the latest version of Perimeter (1.12.4). The links can be found below:

Install hotfix on the Compliance Guardian Manager servers. Hotfix link below:

NOTE: If your instance of DocAve, Compliance Guardian, or Perimeter has an environment specific hotfix applied or if you are not certain whether it does, please contact our technical support staff at support@avepoint.com to confirm appropriate upgrade or manual work-around steps.

AvePoint implements best-in-class techniques for identifying, protecting, and detecting cybersecurity threats. AvePoint would like to acknowledge the contributions of Marcos Díaz Castiñeiras and Chetani Mesa Guzmán from BlackArrow in the reporting of this vulnerability, and their agility with bringing this to AvePoint’s attention.

The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.

For your additional information please find AvePoint’s reporting policy and response plan: 
https://www.avepoint.com/company/vulnerability-reporting-policy