CVE-2026-3025 | ShuoRen Smart Heating Integrated Management Platform 1.0.0 ExampleNodeService.asmx File unrestricted upload

A vulnerability described as critical has been identified in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload.

This vulnerability is registered as CVE-2026-3025. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3025 | ShuoRen Smart Heating Integrated Management Platform 1.0.0 ExampleNodeService.asmx File unrestricted upload

Post correlati

CVE-2024-21914 | Rockwell Automation FactoryTalk View ME up to 13 denial of service

CVE-2025-53814 | GCC Productions Fade In 4.2.0 XML Parser use after free (TALOS-2025-2252)

CVE-2024-49193 | Zendesk 1.0.5/7.x-1.1 E-Mail Message Cc improper authorization

CVE-2024-49312 | WisdmLabs Edwiser Bridge Plugin up to 3.0.7 on WordPress server-side request forgery