exploitDog

CVE-2025-54944

Опубликовано: 30 авг. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

Ссылки

https://zuso.ai/advisory/za-2025-12

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sun.net:ehrd_ctms:*:*:*:*:*:*:*:*

Версия до 10.11 (исключая)

EPSS

Процентиль: 51%

0.00277

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-p4wg-48wq-x28w

CVSS3: 9.8

github

5 месяцев назад

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

EPSS

Процентиль: 51%

0.00277

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434