CVE 8.7 HIGH

WELLTEND TECHNOLOGY｜ BPMFlowWebkit – Arbitrary File Read_CVE-2025-15227

December 29, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

AI Analysis

Arbitrary File Read vulnerability in BPMFlowWebkit, allowing unauthenticated remote attackers to download arbitrary system files via Absolute Path Traversal.

Basic Information

ID CVE-2025-15227

Source twcert

Published Dec 29, 2025 at 07:10

Affected Product

Vendor WELLTEND TECHNOLOGY

Product BPMFlowWebkit

Affected Versions WELLTEND TECHNOLOGY BPMFlowWebkit 0

CWE Classification

CWE-36

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor WELLTEND TECHNOLOGY

Product BPMFlowWebkit

References

{
    "lastseen": "",
    "description": "BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.",
    "published": "2025-12-29T07:10:24.624Z",
    "modified": "2025-12-29T07:10:24.624Z",
    "type": "cve",
    "title": "WELLTEND TECHNOLOGY\uff5c BPMFlowWebkit - Arbitrary File Read",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html\nhttps://www.twcert.org.tw/en/cp-139-10605-426b6-2.html",
    "id": "CVE-2025-15227",
    "bulletinFamily": "",
    "cwe": [
        "CWE-36"
    ],
    "cvelist": null,
    "sourceData": "WELLTEND TECHNOLOGY BPMFlowWebkit 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BPMFlowWebkit",
    "version": "0",
    "vendor": "WELLTEND TECHNOLOGY",
    "ai_description": "Arbitrary File Read vulnerability in BPMFlowWebkit, allowing unauthenticated remote attackers to download arbitrary system files via Absolute Path Traversal.",
    "ai_severity": "High",
    "ai_vendor": "WELLTEND TECHNOLOGY",
    "ai_product": "BPMFlowWebkit",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply