Path Traversal Vulnerability in Four-Faith Water Conservancy Informatization Platform
CVE-2025-11337
Key Information:
- Vendor
Four-faith
- Vendor
- CVE Published:
- 6 October 2025
Badges
What is CVE-2025-11337?
A path traversal vulnerability has been identified in the Four-Faith Water Conservancy Informatization Platform, specifically in the handling of user-supplied input in the file path. The flaw allows an attacker to manipulate the 'fileName' argument in HTTP requests targeting 'aloneReport/download.do' and 'othersusrlogout.do' endpoints. This could lead to unauthorized access to sensitive files on the server. The vulnerability can be exploited remotely, potentially exposing the system to serious security risks. Despite early disclosure efforts to the vendor, there has been no response to address this critical issue.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Water Conservancy Informatization Platform 2.0
Water Conservancy Informatization Platform 2.1
Water Conservancy Informatization Platform 2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved