CVE-2025-8775 | Qiyuesuo Eelectronic Signature Platform up to 4.34 Scheduled Task /api/code/upload execute File unrestricted upload

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is handled as CVE-2025-8775. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8775 | Qiyuesuo Eelectronic Signature Platform up to 4.34 Scheduled Task /api/code/upload execute File unrestricted upload

Post correlati

CVE-2022-48940 | Linux Kernel up to 5.15.25/5.16.11 bpf copy_map_value stack-based overflow (719d1c2524c8/eca9bd215d22/a8abb0c3dc1e)

CVE-2024-8804 | Code Embed Plugin up to 2.4 on WordPress cross site scripting

CVE-2024-3494 | Mesmerize Companion Plugin up to 1.6.148 on WordPress Shortcode mesmerize_contact_form cross site scripting

CVE-2023-42900 | Apple macOS up to 14.1 App access control (HT214036)