CVE-2025-4529 | Seeyon Zhiyuan OA Web Application System 8.1 SP2 ZIP File M3CoreController.class download Name path traversal

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyonWEB-INFlibseeyon-apps-m3.jar!comseeyonappsm3corecontrollerM3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal.

This vulnerability is traded as CVE-2025-4529. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-4529 | Seeyon Zhiyuan OA Web Application System 8.1 SP2 ZIP File M3CoreController.class download Name path traversal

Post correlati

CVE-2024-7753 | SourceCodester Clinics Patient Management System 1.0 /user_images/ direct request

CVE-2024-38295 | ALCASAR up to 3.6.0 still_connected.php Privilege Escalation

CVE-2025-21606 | exelban stats up to 2.11.20 XPC Service data authenticity

CVE-2024-47181 | Contiki-NG up to 4.9 rpl_ext_header_hbh_update type conversion (GHSA-crjw-x84h-h6x3)