WellChoose｜Organization Portal System – Arbitrary File Reading through Path Traversal

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Basic Information

ID CVE-2025-8912

Source twcert

Published Aug 13, 2025 at 09:13

Affected Product

Vendor WellChoose

Product Organization Portal System

Affected Versions WellChoose Organization Portal System 0

CWE Classification

CWE-36

References

{
    "lastseen": "",
    "description": "Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.",
    "published": "2025-08-13T09:13:03.070Z",
    "modified": "2025-08-13T09:13:03.070Z",
    "type": "cve",
    "title": "WellChoose\uff5cOrganization Portal System - Arbitrary File Reading through Path Traversal",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10321-3cae5-1.html\nhttps://www.twcert.org.tw/en/cp-139-10325-70192-2.html",
    "id": "CVE-2025-8912",
    "bulletinFamily": "",
    "cwe": [
        "CWE-36"
    ],
    "cvelist": null,
    "sourceData": "WellChoose Organization Portal System 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Organization Portal System",
    "version": "0",
    "vendor": "WellChoose",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WellChoose｜Organization Portal System – Arbitrary File Reading through Path Traversal_CVE-2025-8912