CVE-2025-0390 (GCVE-0-2025-0390)

Vulnerability from cvelistv5 – Published: 2025-01-11 07:31 – Updated: 2025-01-13 15:29
VLAI?
Title
Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal
Summary
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-24 - Path Traversal: '../filedir'
  • CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
Vendor Product Version
Guangzhou Huayi Intelligent Technology Jeewms Affected: 20241229
Create a notification for this product.
Credits
VulDB Gitee Analyzer
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0390",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T15:29:42.303455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T15:29:52.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jeewms",
          "vendor": "Guangzhou Huayi Intelligent Technology",
          "versions": [
            {
              "status": "affected",
              "version": "20241229"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB Gitee Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "In Guangzhou Huayi Intelligent Technology Jeewms bis 20241229 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /wmOmNoticeHController.do. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 20250101 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-11T07:31:09.281Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-291124 | Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.291124"
        },
        {
          "name": "VDB-291124 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.291124"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-01-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-10T18:25:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-0390",
    "datePublished": "2025-01-11T07:31:09.281Z",
    "dateReserved": "2025-01-10T17:20:33.457Z",
    "dateUpdated": "2025-01-13T15:29:52.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.\"}]",
      "id": "CVE-2025-0390",
      "lastModified": "2025-01-11T08:15:26.527",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2025-01-11T08:15:26.527",
      "references": "[{\"url\": \"https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.291124\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?id.291124\", \"source\": \"cna@vuldb.com\"}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Received",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-23\"}, {\"lang\": \"en\", \"value\": \"CWE-24\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0390\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-01-11T08:15:26.527\",\"lastModified\":\"2025-09-11T21:00:01.997\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Guangzhou Huayi Intelligent Technology Jeewms hasta 20241229. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /wmOmNoticeHController.do. La manipulaci\u00f3n conduce a la navegaci\u00f3n por la ruta: \u0027../filedir\u0027. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 20250101 puede solucionar este problema. Se recomienda actualizar el componente afectado.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"},{\"lang\":\"en\",\"value\":\"CWE-24\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:huayi-tec:jeewms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2025-01-01\",\"matchCriteriaId\":\"1E8DDE9A-317C-499F-B0B9-36A4A42D764C\"}]}]}],\"references\":[{\"url\":\"https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://vuldb.com/?ctiid.291124\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.291124\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0390\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-13T15:29:42.303455Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-13T15:29:48.199Z\"}}], \"cna\": {\"title\": \"Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal\", \"credits\": [{\"lang\": \"en\", \"type\": \"tool\", \"value\": \"VulDB Gitee Analyzer\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Guangzhou Huayi Intelligent Technology\", \"product\": \"Jeewms\", \"versions\": [{\"status\": \"affected\", \"version\": \"20241229\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-01-10T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-01-10T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-01-10T18:25:43.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.291124\", \"name\": \"VDB-291124 | Guangzhou Huayi Intelligent Technology Jeewms wmOmNoticeHController.do path traversal\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.291124\", \"name\": \"VDB-291124 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://gitee.com/erzhongxmu/JEEWMS/issues/IBFKBM\", \"tags\": [\"exploit\", \"issue-tracking\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: \u0027../filedir\u0027. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.\"}, {\"lang\": \"de\", \"value\": \"In Guangzhou Huayi Intelligent Technology Jeewms bis 20241229 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /wmOmNoticeHController.do. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal: \u0027../filedir\u0027-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \\u00fcber das Netzwerk. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung. Ein Aktualisieren auf die Version 20250101 vermag dieses Problem zu l\\u00f6sen. Als bestm\\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-24\", \"description\": \"Path Traversal: \u0027../filedir\u0027\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-01-11T07:31:09.281Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0390\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-13T15:29:52.358Z\", \"dateReserved\": \"2025-01-10T17:20:33.457Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-01-11T07:31:09.281Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.