CVE-2025-9602 | Xinhu RockOA up to 2.6.9 /index.php publicsaveAjax improper authorization

Inserito da Angelo Barbosa | Ago 28, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization.

This vulnerability is reported as CVE-2025-9602. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2025-9602 | Xinhu RockOA up to 2.6.9 /index.php publicsaveAjax improper authorization

Post correlati

CVE-2025-54670 | oik Plugin up to 4.15.2 on WordPress cross site scripting

CVE-2025-7542 | PHPGurukul User Registration & Login and User Management System /admin/user-profile.php sql injection

CVE-2023-48359 | Unisoc S8000 Autotest Driver out-of-bounds write

CVE-2024-21892 | Node.js up to 18.19.0/20.11.0/21.6.1 code injection