exploitDog

CVE-2025-8912

Опубликовано: 13 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Ссылки

https://www.twcert.org.tw/en/cp-139-10325-70192-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-10321-3cae5-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wellchoose:organization_portal_system:*:*:*:*:*:*:*:*

Версия до IFTOP_P3_2_1_197 (исключая)

EPSS

Процентиль: 29%

0.00103

Низкий

7.5 High

CVSS3

Дефекты

CWE-36

CWE-22

Связанные уязвимости

GHSA-3r5r-4r48-4hxh

CVSS3: 7.5

github

6 месяцев назад

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

EPSS

Процентиль: 29%

0.00103

Низкий

7.5 High

CVSS3

Дефекты

CWE-36

CWE-22