Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2025-34040

UNKNOWN
Published 2025-06-24T01:12:22.769Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-34040. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.

Available Exploits

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.

ID: CVE-2025-34040
Author: iamnoooobpdresearch Critical

References:

Related News

No news articles found for this CVE.

Affected Products

Beijing Zhiyuan Internet Software Co., Ltd.

OA

Affected Versions:

5.0 5.1 6.0 7.0 7.0sp1 7.1sp1 8.0

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.

Affected Products (ENISA)

beijing zhiyuan internet software co., ltd.
oa

ENISA Scoring

CVSS Score (4.0)

10.0
/10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

6.080
probability

ENISA References

https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1
https://www.cnblogs.com/pursue-security/p/17677130.html
https://www.cnvd.org.cn/flaw/show/CNVD-2021-01627
https://vulncheck.com/advisories/zhiyuan-oa-system-path-traversal-file-upload

Data provided by ENISA EU Vulnerability Database. Last updated: June 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-mxx7-67f4-p53j

Advisory Details

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-34040
WEB https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1
WEB https://vulncheck.com/advisories/zhiyuan-oa-system-path-traversal-file-upload
WEB https://www.cnblogs.com/pursue-security/p/17677130.html
WEB https://www.cnvd.org.cn/flaw/show/CNVD-2021-01627

Advisory provided by GitHub Security Advisory Database. Published: June 26, 2025, Modified: June 26, 2025

References

https://service.seeyon.com/patchtools/tp.html#/patchList?type=%E5%AE%89%E5%85%A8%E8%A1%A5%E4%B8%81&id=1
https://www.cnblogs.com/pursue-security/p/17677130.html
https://www.cnvd.org.cn/flaw/show/CNVD-2021-01627
https://vulncheck.com/advisories/zhiyuan-oa-system-path-traversal-file-upload
Published: 2025-06-24T01:12:22.769Z
Last Modified: 2025-06-24T15:44:18.809Z
Copied to clipboard!