exploitDog

CVE-2025-8909

Опубликовано: 13 авг. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Ссылки

https://www.twcert.org.tw/en/cp-139-10325-70192-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10321-3cae5-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wellchoose:organization_portal_system:*:*:*:*:*:*:*:*

Версия до IFTOP_P3_2_1_197 (исключая)

EPSS

Процентиль: 19%

0.00061

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-36

CWE-22

Связанные уязвимости

GHSA-j9mr-p9r5-6rh3

CVSS3: 6.5

github

16 дней назад

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

EPSS

Процентиль: 19%

0.00061

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-36

CWE-22