CVE-2025-34046

216.73.217.22

· Published 26/06/2025 16:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-34046 2025-06-26 CVE-2025-34046 CWE-94 [email protected]

Essential information

Published: 26/06/2025 16:15
Modified: 26/06/2025 18:57
Author: —
Creator: —
CVSS: 10.0 CRITICAL (v3) 10.0 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending a crafted HTTP POST request to upload arbitrary files without requiring authentication. Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
fanwei / e-office	`cpe:2.3:a:fanwei:e-office::::::::`