CVE Alert: CVE-2025-5544
Vulnerability Summary: CVE-2025-5544
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Affected Endpoints:
No affected endpoints listed.
Published Date:
6/3/2025, 11:15:21 PM
⚠️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead01.md
- https://vuldb.com/?ctiid.310994
- https://vuldb.com/?id.310994
- https://vuldb.com/?submit.585884
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
