CVE-2025-9570

Medium CVSS: 6.9

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.

Vendor

Sun.net

Product

Ehrd Ctms

CWE

CWE-23

Yayın Tarihi

2025-09-01 04:15:51

Güncelleme

2025-09-25 14:18:25

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-23 Ehrd Ctms MEDIUM Sun.net 2025

Referanslar

https://www.twcert.org.tw/en/cp-139-10357-7de41-2.html https://www.twcert.org.tw/tw/cp-132-10356-ea431-1.html

Benzer Kayıtlar

High

CVE-2025-15225

WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit…

Critical

CVE-2025-15226

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload…

Medium

CVE-2025-9567

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9568

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Medium

CVE-2025-9569

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attacke…

Critical

CVE-2025-54945

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allow…