CVE-2025-9256

high

Description

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

References

Advisories

https://www.twcert.org.tw/tw/cp-132-10328-dbc35-1.html

https://www.twcert.org.tw/en/cp-139-10329-a1c5d-2.html

Details

Source: Mitre, NVD

Published: 2025-08-22

Updated: 2025-09-23

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00038

Detections

Analytics