Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by qiyuesuo

    CVE-2025-8775 (GCVE-0-2025-8775)

    Vulnerability from nvd – Published: 2025-08-09 21:02 – Updated: 2025-08-12 16:04
    VLAI
    Title
    Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload
    Summary
    A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.319298 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.319298 signaturepermissions-required
    https://vuldb.com/?submit.625551 third-party-advisory
    https://vuldb.com/?submit.625553 third-party-advisory
    https://github.com/nn0nkey/nn0nkey/blob/main/QYS/… exploit
    Impacted products
    Vendor Product Version
    Qiyuesuo Eelectronic Signature Platform Affected: 4.0
    Affected: 4.1
    Affected: 4.2
    Affected: 4.3
    Affected: 4.4
    Affected: 4.5
    Affected: 4.6
    Affected: 4.7
    Affected: 4.8
    Affected: 4.9
    Affected: 4.10
    Affected: 4.11
    Affected: 4.12
    Affected: 4.13
    Affected: 4.14
    Affected: 4.15
    Affected: 4.16
    Affected: 4.17
    Affected: 4.18
    Affected: 4.19
    Affected: 4.20
    Affected: 4.21
    Affected: 4.22
    Affected: 4.23
    Affected: 4.24
    Affected: 4.25
    Affected: 4.26
    Affected: 4.27
    Affected: 4.28
    Affected: 4.29
    Affected: 4.30
    Affected: 4.31
    Affected: 4.32
    Affected: 4.33
    Affected: 4.34
    Create a notification for this product.
    Credits
    nn0nkey (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:44:57.829296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T16:04:12.027Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Scheduled Task Handler"
              ],
              "product": "Eelectronic Signature Platform",
              "vendor": "Qiyuesuo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6"
                },
                {
                  "status": "affected",
                  "version": "4.7"
                },
                {
                  "status": "affected",
                  "version": "4.8"
                },
                {
                  "status": "affected",
                  "version": "4.9"
                },
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "status": "affected",
                  "version": "4.11"
                },
                {
                  "status": "affected",
                  "version": "4.12"
                },
                {
                  "status": "affected",
                  "version": "4.13"
                },
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "status": "affected",
                  "version": "4.15"
                },
                {
                  "status": "affected",
                  "version": "4.16"
                },
                {
                  "status": "affected",
                  "version": "4.17"
                },
                {
                  "status": "affected",
                  "version": "4.18"
                },
                {
                  "status": "affected",
                  "version": "4.19"
                },
                {
                  "status": "affected",
                  "version": "4.20"
                },
                {
                  "status": "affected",
                  "version": "4.21"
                },
                {
                  "status": "affected",
                  "version": "4.22"
                },
                {
                  "status": "affected",
                  "version": "4.23"
                },
                {
                  "status": "affected",
                  "version": "4.24"
                },
                {
                  "status": "affected",
                  "version": "4.25"
                },
                {
                  "status": "affected",
                  "version": "4.26"
                },
                {
                  "status": "affected",
                  "version": "4.27"
                },
                {
                  "status": "affected",
                  "version": "4.28"
                },
                {
                  "status": "affected",
                  "version": "4.29"
                },
                {
                  "status": "affected",
                  "version": "4.30"
                },
                {
                  "status": "affected",
                  "version": "4.31"
                },
                {
                  "status": "affected",
                  "version": "4.32"
                },
                {
                  "status": "affected",
                  "version": "4.33"
                },
                {
                  "status": "affected",
                  "version": "4.34"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "nn0nkey (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Qiyuesuo Eelectronic Signature Platform bis 4.34 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion execute der Datei /api/code/upload der Komponente Scheduled Task Handler. Dank Manipulation des Arguments File mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-09T21:02:07.185Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319298 | Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319298"
            },
            {
              "name": "VDB-319298 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319298"
            },
            {
              "name": "Submit #625551 | qiyuesuo electronic signature platform \u003c=4.34 Scheduled task RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.625551"
            },
            {
              "name": "Submit #625553 | https://www.qiyuesuo.com/ electronic signature platform \u003c=4.34 RCE (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.625553"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-08T22:31:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8775",
        "datePublished": "2025-08-09T21:02:07.185Z",
        "dateReserved": "2025-08-08T20:26:31.112Z",
        "dateUpdated": "2025-08-12T16:04:12.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8775 (GCVE-0-2025-8775)

    Vulnerability from cvelistv5 – Published: 2025-08-09 21:02 – Updated: 2025-08-12 16:04
    VLAI
    Title
    Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload
    Summary
    A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.319298 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.319298 signaturepermissions-required
    https://vuldb.com/?submit.625551 third-party-advisory
    https://vuldb.com/?submit.625553 third-party-advisory
    https://github.com/nn0nkey/nn0nkey/blob/main/QYS/… exploit
    Impacted products
    Vendor Product Version
    Qiyuesuo Eelectronic Signature Platform Affected: 4.0
    Affected: 4.1
    Affected: 4.2
    Affected: 4.3
    Affected: 4.4
    Affected: 4.5
    Affected: 4.6
    Affected: 4.7
    Affected: 4.8
    Affected: 4.9
    Affected: 4.10
    Affected: 4.11
    Affected: 4.12
    Affected: 4.13
    Affected: 4.14
    Affected: 4.15
    Affected: 4.16
    Affected: 4.17
    Affected: 4.18
    Affected: 4.19
    Affected: 4.20
    Affected: 4.21
    Affected: 4.22
    Affected: 4.23
    Affected: 4.24
    Affected: 4.25
    Affected: 4.26
    Affected: 4.27
    Affected: 4.28
    Affected: 4.29
    Affected: 4.30
    Affected: 4.31
    Affected: 4.32
    Affected: 4.33
    Affected: 4.34
    Create a notification for this product.
    Credits
    nn0nkey (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-12T15:44:57.829296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-12T16:04:12.027Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Scheduled Task Handler"
              ],
              "product": "Eelectronic Signature Platform",
              "vendor": "Qiyuesuo",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0"
                },
                {
                  "status": "affected",
                  "version": "4.1"
                },
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6"
                },
                {
                  "status": "affected",
                  "version": "4.7"
                },
                {
                  "status": "affected",
                  "version": "4.8"
                },
                {
                  "status": "affected",
                  "version": "4.9"
                },
                {
                  "status": "affected",
                  "version": "4.10"
                },
                {
                  "status": "affected",
                  "version": "4.11"
                },
                {
                  "status": "affected",
                  "version": "4.12"
                },
                {
                  "status": "affected",
                  "version": "4.13"
                },
                {
                  "status": "affected",
                  "version": "4.14"
                },
                {
                  "status": "affected",
                  "version": "4.15"
                },
                {
                  "status": "affected",
                  "version": "4.16"
                },
                {
                  "status": "affected",
                  "version": "4.17"
                },
                {
                  "status": "affected",
                  "version": "4.18"
                },
                {
                  "status": "affected",
                  "version": "4.19"
                },
                {
                  "status": "affected",
                  "version": "4.20"
                },
                {
                  "status": "affected",
                  "version": "4.21"
                },
                {
                  "status": "affected",
                  "version": "4.22"
                },
                {
                  "status": "affected",
                  "version": "4.23"
                },
                {
                  "status": "affected",
                  "version": "4.24"
                },
                {
                  "status": "affected",
                  "version": "4.25"
                },
                {
                  "status": "affected",
                  "version": "4.26"
                },
                {
                  "status": "affected",
                  "version": "4.27"
                },
                {
                  "status": "affected",
                  "version": "4.28"
                },
                {
                  "status": "affected",
                  "version": "4.29"
                },
                {
                  "status": "affected",
                  "version": "4.30"
                },
                {
                  "status": "affected",
                  "version": "4.31"
                },
                {
                  "status": "affected",
                  "version": "4.32"
                },
                {
                  "status": "affected",
                  "version": "4.33"
                },
                {
                  "status": "affected",
                  "version": "4.34"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "nn0nkey (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Qiyuesuo Eelectronic Signature Platform bis 4.34 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion execute der Datei /api/code/upload der Komponente Scheduled Task Handler. Dank Manipulation des Arguments File mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-09T21:02:07.185Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-319298 | Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.319298"
            },
            {
              "name": "VDB-319298 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.319298"
            },
            {
              "name": "Submit #625551 | qiyuesuo electronic signature platform \u003c=4.34 Scheduled task RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.625551"
            },
            {
              "name": "Submit #625553 | https://www.qiyuesuo.com/ electronic signature platform \u003c=4.34 RCE (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.625553"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nn0nkey/nn0nkey/blob/main/QYS/QYS_task.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-08T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-08T22:31:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8775",
        "datePublished": "2025-08-09T21:02:07.185Z",
        "dateReserved": "2025-08-08T20:26:31.112Z",
        "dateUpdated": "2025-08-12T16:04:12.027Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }