CVE-2025-41714 | Welotec SmartEMS Web Application up to 3.3.5 Request Header Upload-Key path traversal (VDE-2025-085)

A vulnerability was found in Welotec SmartEMS Web Application up to 3.3.5. It has been classified as critical. This impacts an unknown function of the component Request Header Handler. Performing manipulation of the argument Upload-Key results in path traversal.

This vulnerability is known as CVE-2025-41714. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More