Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2025-0225

CVE-2025-0225

MEDIUM5.3

Tsinghua Unigroup Electronic Archives System exampleDownload.html path traversal

Published Jan 5, 2025

Modified 1 years ago

Details

A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References

https://github.com/BxYQ/ld/blob/main/file_read4/poc.py

https://github.com/BxYQ/ld/tree/main/file_read4

https://vuldb.com/?ctiid.290215

https://vuldb.com/?id.290215

https://vuldb.com/?submit.474264

https://www.cve.org/CVERecord?id=CVE-2025-0225

CVSS Analysis

CVSS v4.0

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.3/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Input Validation

Relative Path Traversal

Other

Ecosystems

Timeline

PublishedJan 5, 2025

ModifiedJan 6, 2025

CVE-2025-0225 | Mondoo Vulnerability Intelligence