First published: Sun May 11 2025(Updated: )
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controller\M3CoreController.class of the component ZIP File Handler. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Seeyon Zhiyuan OA Web Application System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-4529 is classified as a problematic vulnerability in the Seeyon Zhiyuan OA Web Application System.
To fix CVE-2025-4529, update to the latest version of Seeyon Zhiyuan OA Web Application System that addresses this vulnerability.
CVE-2025-4529 affects Seeyon Zhiyuan OA Web Application System version 8.1 SP2.
CVE-2025-4529 affects the Download function within the seeyon-apps-m3.jar file of the application.
As of now, there are no reported incidents confirming active exploitation of CVE-2025-4529.