CVE-2025-11337 | Four-Faith Water Conservancy Informatization Platform up to 2.2 download.do;othersusrlogout.do fileName path traversal

A vulnerability marked as critical has been reported in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName results in path traversal.

This vulnerability is cataloged as CVE-2025-11337. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More