CVE-2025-10709

216.73.216.233

· Published 19/09/2025 12:15 · Modified 19/09/2025 16:00

Labels: CVE-2025-10709 2025-09-19 CVE-2025-10709 CWE-22 [email protected]

Essential information

Published: 19/09/2025 12:15
Modified: 19/09/2025 16:00
Author: —
Creator: —
CVSS: 5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
four-faith / water conservancy informatization platform	`cpe:2.3:a:four-faith:water_conservancy_informatization_platform:1.0:::::::*`