logo_clicknbuy.png

CVE-2025-5029 – Kingdee Cloud Galaxy Private Cloud BBC System Path Traversal Vulnerability

The following table lists the changes that have been made to the
CVE-2025-5029 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    May. 21, 2025

    Action Type Old Value New Value
    Added Description A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
    Added CVSS V2 (AV:N/AC:L/Au:S/C:N/I:P/A:P)
    Added CWE CWE-22
    Added Reference https://vip.kingdee.com/knowledge/708656434111770368
    Added Reference https://vip.kingdee.com/school/detail/713028702245944320?productLineId=1&lang=zh-CN
    Added Reference https://vuldb.com/?ctiid.309847
    Added Reference https://vuldb.com/?id.309847
    Added Reference https://vuldb.com/?submit.570956
    Added Reference https://wx.mail.qq.com/s?k=nFbp0U0gSX0QVechIO
Share the Post:

Related Posts