CVE-2025-5544
Last modified
CVE-2025-5544 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aaluoxiang | Oa System | All versions |
References
- https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead01.mdExploit, Third Party Advisory
- https://vuldb.com/?ctiid.310994Permissions Required, VDB Entry
- https://vuldb.com/?id.310994Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.585884Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-5544?
How severe is CVE-2025-5544?
How do I fix CVE-2025-5544?
Are you affected by CVE-2025-5544?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST