CVE-2025-65897
CVE-2025-65897
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
05 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a