CVE-2025-14697
Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.3EPSS 0.3%KEV nãoPoC —Patch —
Ciclo de vida
15 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/2https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/2#issue-3689006583https://vuldb.com/?ctiid.336415https://vuldb.com/?id.336415https://vuldb.com/?submit.705619