CVE-2025-11139 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUp…
Medium CVSS: 5.3

CVE-2025-11139

A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
Zhiyou-group
Product
Zhiyou Erp
CWE
CWE-22
Yayın Tarihi
2025-09-29 04:15:38
Güncelleme
2025-10-03 18:19:49
Source Identifier
cna@vuldb.com
KEV Date Added
-

Kategoriler

CWE-22 Zhiyou Erp MEDIUM Zhiyou-group 2025

Referanslar

https://github.com/FightingLzn9/vul/blob/main/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8Berp-2.md https://vuldb.com/?ctiid.326216 https://vuldb.com/?id.326216 https://vuldb.com/?submit.658077