Uniong｜WebITR – Arbitrary File Reading through Path Traversal_CVE-2025-9258

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Basic Information

ID CVE-2025-9258

Source twcert

Published Aug 22, 2025 at 11:43

Affected Product

Vendor Uniong

Product WebITR

Affected Versions Uniong WebITR 0

CWE Classification

CWE-36

References

{
    "lastseen": "",
    "description": "WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.",
    "published": "2025-08-22T11:43:44.536Z",
    "modified": "2025-08-22T11:43:44.536Z",
    "type": "cve",
    "title": "Uniong\uff5cWebITR - Arbitrary File Reading through Path Traversal",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10328-dbc35-1.html\nhttps://www.twcert.org.tw/en/cp-139-10329-a1c5d-2.html",
    "id": "CVE-2025-9258",
    "bulletinFamily": "",
    "cwe": [
        "CWE-36"
    ],
    "cvelist": null,
    "sourceData": "Uniong WebITR 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WebITR",
    "version": "0",
    "vendor": "Uniong",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}