Search criteria
1 vulnerability by morning-pro
CVE-2025-8815 (GCVE-0-2025-8815)
Vulnerability from cvelistv5 – Published: 2025-08-10 15:32 – Updated: 2025-08-12 19:07
VLAI?
Title
猫宁i Morning Shiro Configuration index path traversal
Summary
A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
fushuling (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:07:18.418770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:07:21.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.622348"
},
{
"tags": [
"exploit"
],
"url": "https://gitee.com/morning-pro/Morning/issues/ICOVAK"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Shiro Configuration"
],
"product": "Morning",
"vendor": "\u732b\u5b81i",
"versions": [
{
"status": "affected",
"version": "bc782730c74ff080494f145cc363a0b4f43f7d3e"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fushuling (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in \u732b\u5b81i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in \u732b\u5b81i Morning bis bc782730c74ff080494f145cc363a0b4f43f7d3e ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index der Komponente Shiro Configuration. Durch die Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T15:32:11.150Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319344 | \u732b\u5b81i Morning Shiro Configuration index path traversal",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319344"
},
{
"name": "VDB-319344 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319344"
},
{
"name": "Submit #622348 | \u732b\u5b81i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622348"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://gitee.com/morning-pro/Morning/issues/ICOVAK"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-09T14:45:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "\u732b\u5b81i Morning Shiro Configuration index path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8815",
"datePublished": "2025-08-10T15:32:11.150Z",
"dateReserved": "2025-08-09T12:40:43.569Z",
"dateUpdated": "2025-08-12T19:07:21.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}