CVE-2025-11018 | Four-Faith Water Conservancy Informatization Platform 1.0 download.do;usrlogout.do.do fileName path traversal

SecurityVulns

A vulnerability described as critical has been identified in Four-Faith Water Conservancy Informatization Platform 1.0. It affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Manipulating the argument fileName can lead to path traversal.

This vulnerability is registered as CVE-2025-11018. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.