← Volver a CVEs

CVE-2025-5545

MEDIUM

4.3

Descripcion

A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Detalles CVE

Puntuacion CVSS v3.14.3

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado6/4/2025

Ultima modificacion6/9/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

aaluoxiang:oa_system

Debilidades (CWE)

CWE-22

Referencias

https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead02.md(cna@vuldb.com)

https://vuldb.com/?ctiid.310995(cna@vuldb.com)

https://vuldb.com/?id.310995(cna@vuldb.com)

https://vuldb.com/?submit.585885(cna@vuldb.com)

https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead02.md(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.