CVE-2025-14520 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c delfile filename path traversal

A vulnerability marked as critical has been reported in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal.

This vulnerability is tracked as CVE-2025-14520. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14520 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c delfile filename path traversal

Post correlati

CVE-2025-6098 | UTT 进取 750W up to 5.0 API /goform/setSysAdm strcpy passwd1 buffer overflow

CVE-2023-43586 | Zoom Desktop Client/VDI Client/SDK on Windows path traversal

CVE-2024-51706 | Upeksha Wisidagama UW Freelancer Plugin up to 0.1 on WordPress cross site scripting

CVE-2024-8822 | PDF-XChange Editor U3D File Parser out-of-bounds (ZDI-24-1245)