CVE-2025-63695 | DzzOffice up to 2.3.7 controller.php unrestricted upload (Issue 365)

November 18, 2025 Yanac

A vulnerability described as critical has been identified in DzzOffice up to 2.3.7. The impacted element is an unknown function of the file /dzz/system/ueditor/php/controller.php. Such manipulation leads to unrestricted upload.

This vulnerability is traded as CVE-2025-63695. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-63994 | RichFilemanager 2.7.6 /php/UploadHandler.php unrestricted upload (Issue 412)
CVE-2025-54971 | Fortinet FortiADC up to 6.2.6/7.0.6/7.1.5/7.2.8/7.4.0 information disclosure (FG-IR-25-686)