CVE-2025-11630 | RainyGao DocSys up to 2.02.36 File Upload /Doc/uploadDoc.do updateRealDoc path path traversal

October 11, 2025 Yanac

A vulnerability was found in RainyGao DocSys up to 2.02.36. It has been rated as critical. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal.

This vulnerability is identified as CVE-2025-11630. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More