VDB
CVE-2025-34040
CVE-2025-34040
PUBLISHED
CVSS 10 CRITICAL
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.
EPSS 9.68% · 93.0th percentile
Risk Scores
CVSS v4.0
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
9.68%
93.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.) | Zhiyuan OA Web Application System | 6.0, 7.1sp1, 8.0 |
Timeline
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
References
- https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1 vendor-advisory
- https://www.cnblogs.com/pursue-security/p/17677130.html exploit
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-01627 third-party-advisory
- https://vulncheck.com/advisories/zhiyuan-oa-system-path-traversal-file-upload third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-34040 advisory