CVE-2025-8516 (GCVE-0-2025-8516)
Vulnerability from cvelistv5
Published
2025-08-04 15:32
Modified
2025-11-03 06:13
Severity ?
5.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CWE
Summary
A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The vendor recommends as a short-term measure to "[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control." The long-term remediation will be: "Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function."
References
Impacted products
Vendor Product Version
Kingdee Cloud-Starry-Sky Enterprise Edition Version: 8.0
Version: 8.1
Version: 8.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8516",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T16:33:09.210003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T16:50:28.757Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "IIS-K3CloudMiniApp"
          ],
          "product": "Cloud-Starry-Sky Enterprise Edition",
          "vendor": "Kingdee",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.1"
            },
            {
              "status": "affected",
              "version": "8.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "caichaoxiong (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\\BBCMallSite\\WEB-INF\\lib\\Kingdee.K3.O2O.Base.WebApp.jar!\\kingdee\\k3\\o2o\\base\\webapp\\action\\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The vendor recommends as a short-term measure to \"[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control.\" The long-term remediation will be: \"Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function.\""
        },
        {
          "lang": "de",
          "value": "In Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion BaseServiceFactory.getFileUploadService.deleteFileAction der Datei K3Cloud\\BBCMallSite\\WEB-INF\\lib\\Kingdee.K3.O2O.Base.WebApp.jar!\\kingdee\\k3\\o2o\\base\\webapp\\action\\FileUploadAction.class der Komponente IIS-K3CloudMiniApp. Mit der Manipulation des Arguments filePath mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-03T06:13:01.303Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-318642 | Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.318642"
        },
        {
          "name": "VDB-318642 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.318642"
        },
        {
          "name": "Submit #573678 | Kingdee Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Directory Traversal and Arbitrary File Reading Vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.573678"
        },
        {
          "name": "Submit #601912 | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability ( RCE ) (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.601912"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://wx.mail.qq.com/s?k=hk3Fixc6Z1cKMI9rge"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://vip.kingdee.com/link/s/ZgAmJ"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-11-03T07:17:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-8516",
    "datePublished": "2025-08-04T15:32:07.731Z",
    "dateReserved": "2025-08-04T05:57:31.166Z",
    "dateUpdated": "2025-11-03T06:13:01.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-8516\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-04T16:15:35.373\",\"lastModified\":\"2025-11-03T07:15:43.350\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\\\\BBCMallSite\\\\WEB-INF\\\\lib\\\\Kingdee.K3.O2O.Base.WebApp.jar!\\\\kingdee\\\\k3\\\\o2o\\\\base\\\\webapp\\\\action\\\\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The vendor recommends as a short-term measure to \\\"[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control.\\\" The long-term remediation will be: \\\"Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function.\\\"\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en Kingdee Cloud-Starry-Sky Enterprise Edition hasta la versi\u00f3n 8.2. Se ha clasificado como problem\u00e1tica. La funci\u00f3n BaseServiceFactory.getFileUploadService.deleteFileAction del archivo K3Cloud\\\\BBCMallSite\\\\WEB-INF\\\\lib\\\\Kingdee.K3.O2O.Base.WebApp.jar!\\\\kingdee\\\\k3\\\\o2o\\\\base\\\\webapp\\\\action\\\\FileUploadAction.class del componente IIS-K3CloudMiniApp se ve afectada. La manipulaci\u00f3n del argumento filePath provoca path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El proveedor recomienda, como medida a corto plazo, \\\"deshabilitar temporalmente el acceso de red externa al sistema Kingdee Cloud Galaxy Retail o configurar una lista blanca de IP para el control de acceso\\\". La soluci\u00f3n a largo plazo ser\u00e1: \\\"Instalar el parche de seguridad proporcionado por el sistema Starry Sky, con soluciones espec\u00edficas: i) Agregar autenticaci\u00f3n a la interfaz vulnerable CMKAppWebHandler.ashx; ii) Eliminar la funci\u00f3n de lectura de archivos\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://vip.kingdee.com/link/s/ZgAmJ\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.318642\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.318642\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.573678\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.601912\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://wx.mail.qq.com/s?k=hk3Fixc6Z1cKMI9rge\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8516\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T16:33:09.210003Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T16:25:41.487Z\"}}], \"cna\": {\"title\": \"Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"caichaoxiong (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"Kingdee\", \"modules\": [\"IIS-K3CloudMiniApp\"], \"product\": \"Cloud-Starry-Sky Enterprise Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\"}, {\"status\": \"affected\", \"version\": \"8.1\"}, {\"status\": \"affected\", \"version\": \"8.2\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-04T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-08-04T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-11-03T07:17:48.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.318642\", \"name\": \"VDB-318642 | Kingdee Cloud-Starry-Sky Enterprise Edition IIS-K3CloudMiniApp FileUploadAction.class path traversal\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.318642\", \"name\": \"VDB-318642 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.573678\", \"name\": \"Submit #573678 | Kingdee Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Directory Traversal and Arbitrary File Reading Vulnerability\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/?submit.601912\", \"name\": \"Submit #601912 | Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability ( RCE ) (Duplicate)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://wx.mail.qq.com/s?k=hk3Fixc6Z1cKMI9rge\", \"tags\": [\"exploit\"]}, {\"url\": \"https://vip.kingdee.com/link/s/ZgAmJ\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security vulnerability has been detected in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. This issue affects the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\\\\BBCMallSite\\\\WEB-INF\\\\lib\\\\Kingdee.K3.O2O.Base.WebApp.jar!\\\\kingdee\\\\k3\\\\o2o\\\\base\\\\webapp\\\\action\\\\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The vendor recommends as a short-term measure to \\\"[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control.\\\" The long-term remediation will be: \\\"Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function.\\\"\"}, {\"lang\": \"de\", \"value\": \"In Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion BaseServiceFactory.getFileUploadService.deleteFileAction der Datei K3Cloud\\\\BBCMallSite\\\\WEB-INF\\\\lib\\\\Kingdee.K3.O2O.Base.WebApp.jar!\\\\kingdee\\\\k3\\\\o2o\\\\base\\\\webapp\\\\action\\\\FileUploadAction.class der Komponente IIS-K3CloudMiniApp. Mit der Manipulation des Arguments filePath mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\\u00f6glich. Die Schwachstelle wurde \\u00f6ffentlich offengelegt und k\\u00f6nnte ausgenutzt werden. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\\u00f6sen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-11-03T06:13:01.303Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-8516\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T06:13:01.303Z\", \"dateReserved\": \"2025-08-04T05:57:31.166Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-08-04T15:32:07.731Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.