CVE-2025-4529 | Seeyon Zhiyuan OA Web Application System 8.1 SP2 ZIP File M3CoreController.class download Name path traversal

May 10, 2025 Yanac

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyonWEB-INFlibseeyon-apps-m3.jar!comseeyonappsm3corecontrollerM3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal.

This vulnerability is traded as CVE-2025-4529. It is possible to launch the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More