CVE-2025-11139 | Bjskzy Zhiyou ERP up to 11.0 com.artery.form.services.FormStudioUpdater uploadStudioFile filepath path traversal

Inserito da Angelo Barbosa | Set 28, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal.

This vulnerability is registered as CVE-2025-11139. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11139 | Bjskzy Zhiyou ERP up to 11.0 com.artery.form.services.FormStudioUpdater uploadStudioFile filepath path traversal

Post correlati

CVE-2024-30401 | Juniper Junos OS up to 22.2R1 on MX Advanced Forwarding Management out-of-bounds (JSA79110)

CVE-2024-21357 | Microsoft Windows up to Server 2022 23H2 Pragmatic General Multicast Remote Code Execution

CVE-2023-52059 | Gestsup 3.2.46 Description cross site scripting

CVE-2024-9449 | Auto iFrame Plugin up to 1.7 on WordPress tag cross site scripting