CVE 5.3 MEDIUM

Qiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted upload_CVE-2025-8775

August 9, 2025 invoker category_cve
5.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-8775
Source VulDB
Published Aug 9, 2025 at 21:02

Affected Product

Vendor Qiyuesuo
Product Eelectronic Signature Platform
Version 4.0
Affected Versions Qiyuesuo Eelectronic Signature Platform 4.0
Qiyuesuo Eelectronic Signature Platform 4.1
Qiyuesuo Eelectronic Signature Platform 4.2
Qiyuesuo Eelectronic Signature Platform 4.3
Qiyuesuo Eelectronic Signature Platform 4.4
Qiyuesuo Eelectronic Signature Platform 4.5
Qiyuesuo Eelectronic Signature Platform 4.6
Qiyuesuo Eelectronic Signature Platform 4.7
Qiyuesuo Eelectronic Signature Platform 4.8
Qiyuesuo Eelectronic Signature Platform 4.9
Qiyuesuo Eelectronic Signature Platform 4.10
Qiyuesuo Eelectronic Signature Platform 4.11
Qiyuesuo Eelectronic Signature Platform 4.12
Qiyuesuo Eelectronic Signature Platform 4.13
Qiyuesuo Eelectronic Signature Platform 4.14
Qiyuesuo Eelectronic Signature Platform 4.15
Qiyuesuo Eelectronic Signature Platform 4.16
Qiyuesuo Eelectronic Signature Platform 4.17
Qiyuesuo Eelectronic Signature Platform 4.18
Qiyuesuo Eelectronic Signature Platform 4.19
Qiyuesuo Eelectronic Signature Platform 4.20
Qiyuesuo Eelectronic Signature Platform 4.21
Qiyuesuo Eelectronic Signature Platform 4.22
Qiyuesuo Eelectronic Signature Platform 4.23
Qiyuesuo Eelectronic Signature Platform 4.24
Qiyuesuo Eelectronic Signature Platform 4.25
Qiyuesuo Eelectronic Signature Platform 4.26
Qiyuesuo Eelectronic Signature Platform 4.27
Qiyuesuo Eelectronic Signature Platform 4.28
Qiyuesuo Eelectronic Signature Platform 4.29
Qiyuesuo Eelectronic Signature Platform 4.30
Qiyuesuo Eelectronic Signature Platform 4.31
Qiyuesuo Eelectronic Signature Platform 4.32
Qiyuesuo Eelectronic Signature Platform 4.33
Qiyuesuo Eelectronic Signature Platform 4.34

CWE Classification

CWE-434 CWE-284

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.