← back
CVE-2025-54945

SUNNET Corporate Training Management System - External Control of File Name or Path

CVSS 10 CRITICALEPSS 0.5%CWE-73
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
SUNNET Technology Co., Ltd. · Corporate Training Management System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://zuso.ai/advisory/za-2025-13