CVE-2025-2116 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery

A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handler. The manipulation of the argument xyImgUrl leads to server-side request forgery.

This vulnerability is known as CVE-2025-2116. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-2116 | Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System File Protocol imageProxy.do server-side request forgery

Post correlati

CVE-2022-49663 | Linux Kernel up to 5.10.128/5.15.52/5.18.9 include/linux/skbuff.h skb_tunnel_check_pmtu Privilege Escalation

CVE-2023-6450 | Lenovo App Store App prior 12.4.20 resource consumption

CVE-2024-5481 | 10Web Photo Gallery Plugin up to 1.8.23 on WordPress esc_dir path traversal

CVE-2024-0607 | Linux Kernel up to 6.7-rc1 Netfilter nft_byteorder.c nft_byteorder_eval memory corruption