CVE-2025-11139 | Bjskzy Zhiyou ERP up to 11.0 com.artery.form.services.FormStudioUpdater uploadStudioFile filepath path traversal
A vulnerability classified as critical has been found in Bjskzy Zhiyou ERP up to 11.0. It affects the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. Manipulating the argument filepath causes path traversal.
This vulnerability is registered as CVE-2025-11139. The attack can be carried out remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.