CVE 8.8 HIGH

CVE-2025-65897_CVE-2025-65897

December 5, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

AI Analysis

Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the server file system, potentially leading to privilege escalation or remote code execution.

Basic Information

ID CVE-2025-65897

Source mitre

Published Dec 5, 2025 at 00:00

Modified Dec 5, 2025 at 20:49

Affected Product

Vendor zhaoyachao

Product zdh_web

Version 5.6.17

Affected Versions n/a n/a n/a

CWE Classification

CWE-22 CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor zhaoyachao

Product zdh_web

Version 5.6.17

References

{
    "lastseen": "",
    "description": "zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.",
    "published": "2025-12-05T00:00:00.000Z",
    "modified": "2025-12-05T20:49:46.725Z",
    "type": "cve",
    "title": "CVE-2025-65897",
    "source": "mitre",
    "references": "https://github.com/zhaoyachao/zdh_web\nhttps://github.com/zhaoyachao/zdh_web/pull/39\nhttps://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a\nhttps://github.com/zhaoyachao/zdh_web/issues/40",
    "id": "CVE-2025-65897",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "zdh_web",
    "version": "5.6.17",
    "vendor": "zhaoyachao",
    "ai_description": "Insufficient validation of file upload paths allows an authenticated user to write arbitrary files to the server file system, potentially leading to privilege escalation or remote code execution.",
    "ai_severity": "High",
    "ai_vendor": "zhaoyachao",
    "ai_product": "zdh_web",
    "ai_version": "5.6.17",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply