CVE-2025-11913 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 Service.do?Action=Download download Path path traversal

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been declared as critical. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-11913. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11913 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 Service.do?Action=Download download Path path traversal

Post correlati

CVE-2024-6107 | Canonical MAAS up to 3.1.3/3.2.10/3.3.7/3.4.3/3.5.0 RPC Command improper authentication

CVE-2023-46808 | Ivanti ITSM 2023.1/2023.2/2023.3 unrestricted upload (ID 000091277)

CVE-2024-3186 | EmbedThis GoAhead up to 6.0.0 Javascript Template evalExpr null pointer dereference

CVE-2025-9811 | Campcodes Farm Management System 1.0 /reviewInput.php rating sql injection