A vulnerability classified as critical has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025. It affects the function BaseServiceFactory.getFileUploadService.deleteFileAction in the file fileUpload/deleteFileAction.jhtml of the File Handler component. Manipulating the filePath argument leads to path traversal.

This vulnerability is known as CVE-2025-5029. The attack can be launched remotely, and an exploit is available.

It is recommended to apply a patch to fix this issue.
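
Until the patch is applied, web access logs can be reviewed for traversal sequences sent to the affected endpoint. The following is an added example, not code from the advisory or from the vendor: it assumes combined-format access logs and that filePath arrives in the query string (a value sent in a POST body would not appear in such logs). The log lines, client addresses and the /bbc context path are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "fileUpload/deleteFileAction.jhtml"  # from the advisory
PARAM = "filePath"                              # from the advisory

# Constructed sample lines: addresses, the /bbc context path and all values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/May/2025:10:01:02 +0000] "GET /bbc/fileUpload/deleteFileAction.jhtml?filePath=upload/2025/a.png HTTP/1.1" 200 17',
    '198.51.100.7 - - [12/May/2025:10:03:40 +0000] "GET /bbc/fileUpload/deleteFileAction.jhtml?filePath=../../conf/app.properties HTTP/1.1" 200 17',
    '198.51.100.9 - - [12/May/2025:10:03:55 +0000] "GET /bbc/fileUpload/deleteFileAction.jhtml;jsessionid=0A1B?filePath=%252e%252e%255c%252e%252e%255clogs%255cx.log HTTP/1.1" 200 17',
    '203.0.113.5 - - [12/May/2025:10:04:10 +0000] "GET /bbc/fileUpload/deleteFileAction.jhtml?filePath=upload/report..final.pdf HTTP/1.1" 200 17',
    '203.0.113.8 - - [12/May/2025:10:05:00 +0000] "GET /bbc/help/view.jhtml?filePath=../x HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(value, max_rounds=3):
    """Percent-decode until stable (exposes %252e-style double encoding), unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(value):
    """True only when a whole path segment is '..'; 'report..final.pdf' is not a match."""
    return ".." in normalize(value).split("/")

def suspicious_requests(lines):
    """Return (client_ip, normalized filePath) for traversal attempts against ENDPOINT."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Servlet containers may append ';jsessionid=...' to the path; drop it first.
        if not url.path.split(";")[0].endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if has_traversal(value):
                hits.append((line.split()[0], normalize(value)))
    return hits

if __name__ == "__main__":
    for ip, path in suspicious_requests(SAMPLE_LOG):
        print(ip, path)
```

Matching on whole `..` segments after repeated decoding keeps file names such as report..final.pdf from being flagged while still catching encoded and backslash-separated variants.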