First published: Sun May 11 2025(Updated: )
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Seeyon Zhiyuan OA Web Application System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-4531 is rated as critical due to its potential impact on the Seeyon Zhiyuan OA Web Application System.
To fix CVE-2025-4531, update the Seeyon Zhiyuan OA Web Application System to the latest version provided by the vendor.
CVE-2025-4531 affects the postData function in the EhrSalaryPayrollServiceImpl.class file located in the WEB-INF classes of the application.
CVE-2025-4531 affects the Seeyon Zhiyuan OA Web Application System, specifically version 8.1 SP2.
As of now, specific exploits for CVE-2025-4531 have not been publicly disclosed but the critical rating suggests a high urgency for addressing the vulnerability.