cvelistv5 - cve-2025-3551

CVE-2025-3551 (GCVE-0-2025-3551)

Vulnerability from cvelistv5 – Published: 2025-04-14 04:31 – Updated: 2025-05-05 11:25

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-05-05T11:25:11.296Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-3551",
    "datePublished": "2025-04-14T04:31:04.486Z",
    "dateRejected": "2025-05-05T11:25:11.296Z",
    "dateReserved": "2025-04-13T22:13:58.107Z",
    "dateUpdated": "2025-05-05T11:25:11.296Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3551\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-04-14T05:15:15.330\",\"lastModified\":\"2025-05-05T12:15:16.923\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-05-05T11:25:11.296Z\"}, \"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.\"}]}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3551\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"state\": \"REJECTED\", \"assignerShortName\": \"VulDB\", \"dateReserved\": \"2025-04-13T22:13:58.107Z\", \"datePublished\": \"2025-04-14T04:31:04.486Z\", \"dateUpdated\": \"2025-05-05T11:25:11.296Z\", \"dateRejected\": \"2025-05-05T11:25:11.296Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-X9M2-445C-RWPH

Vulnerability from github – Published: 2025-04-14 06:30 – Updated: 2025-04-14 06:30

Details

A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-3551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-14T05:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x9m2-445c-rwph",
  "modified": "2025-04-14T06:30:24Z",
  "published": "2025-04-14T06:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3551"
    },
    {
      "type": "WEB",
      "url": "https://github.com/666lail/report/blob/main/tmp/fileUpload_1.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.304592"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.304592"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.547878"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-3551

Vulnerability from fkie_nvd - Published: 2025-04-14 05:15 - Updated: 2025-05-05 12:15

Severity ?

Summary

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof."
    }
  ],
  "id": "CVE-2025-3551",
  "lastModified": "2025-05-05T12:15:16.923",
  "metrics": {},
  "published": "2025-04-14T05:15:15.330",
  "references": [],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Rejected"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-3551 (GCVE-0-2025-3551)

GHSA-X9M2-445C-RWPH

FKIE_CVE-2025-3551

Tags

Sightings

Nomenclature