{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4530", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-10T05:38:11.170Z", "datePublished": "2025-05-11T05:00:06.212Z", "dateUpdated": "2025-05-12T13:55:51.342Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-11T05:00:06.212Z"}, "title": "feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "feng_ha_ha", "product": "ssm-erp", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["File Handler"]}, {"vendor": "feng_ha_ha", "product": "production_ssm", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["File Handler"]}, {"vendor": "megagao", "product": "ssm-erp", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["File Handler"]}, {"vendor": "megagao", "product": "production_ssm", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."}, {"lang": "de", "value": "In feng_ha_ha/megagao ssm-erp and production_ssm 1.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion handleFileDownload der Datei FileController.java der Komponente File Handler. Dank der Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-05-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-10T07:43:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "fatd0g (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.308275", "name": "VDB-308275 | feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.308275", "name": "VDB-308275 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.565380", "name": "Submit #565380 | production_ssm 1 Arbitrary File Reads", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Hao-Ni/CVE/issues/2", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-12T13:55:27.230001Z", "id": "CVE-2025-4530", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T13:55:51.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "fatd0g (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "feng_ha_ha", "modules": ["File Handler"], "product": "ssm-erp", "versions": [{"status": "affected", "version": "1.0"}]}, {"vendor": "feng_ha_ha", "modules": ["File Handler"], "product": "production_ssm", "versions": [{"status": "affected", "version": "1.0"}]}, {"vendor": "megagao", "modules": ["File Handler"], "product": "ssm-erp", "versions": [{"status": "affected", "version": "1.0"}]}, {"vendor": "megagao", "modules": ["File Handler"], "product": "production_ssm", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2025-05-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-10T07:43:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.308275", "name": "VDB-308275 | feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.308275", "name": "VDB-308275 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.565380", "name": "Submit #565380 | production_ssm 1 Arbitrary File Reads", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Hao-Ni/CVE/issues/2", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."}, {"lang": "de", "value": "In feng_ha_ha/megagao ssm-erp and production_ssm 1.0 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion handleFileDownload der Datei FileController.java der Komponente File Handler. Dank der Manipulation mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-11T05:00:06.212Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4530", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-12T13:55:27.230001Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-05-12T13:55:38.286Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-4530", "state": "PUBLISHED", "dateUpdated": "2025-05-11T05:00:06.212Z", "dateReserved": "2025-05-10T05:38:11.170Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-11T05:00:06.212Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en feng_ha_ha/megagao ssm-erp y production_ssm 1.0. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n handleFileDownload del archivo FileController.java del componente File Handler. La manipulaci\u00f3n provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Este producto se distribuye con dos nombres completamente diferentes."}], "id": "CVE-2025-4530", "lastModified": "2025-05-12T17:32:32.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-11T05:15:16.167", "references": [{"source": "[email protected]", "url": "https://github.com/Hao-Ni/CVE/issues/2"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.308275"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.308275"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.565380"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "[email protected]", "type": "Primary"}]}

{}