Remote File Access Vulnerability in Shenzhen Sixun Software Business Management System
CVE-2025-14697

6.3MEDIUM

Key Information:

Vendor

Shenzhen Sixun Software

Status
Sixun Shanghui Group Business Management System
Vendor
CVE Published:
15 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-14697?

A security flaw has been identified in the Sixun Shanghui Group Business Management System version 4.10.24.3 from Shenzhen Sixun Software, related to unspecified functionality within the /ExportFiles/ directory. This vulnerability allows for unauthorized access to files or directories, potentially leading to data exposure. Attackers can exploit this vulnerability remotely, though the complexity of execution is notably high. Despite early notification to the vendor regarding this issue, no response has been received, raising concerns about the potential for public exploitation given recent disclosures.

Affected Version(s)

Sixun Shanghui Group Business Management System 4.10.24.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14697 - Proof of Concept

References

https://vuldb.com/?id.336415
vdb-entry
https://vuldb.com/?ctiid.336415
signaturepermissions-required
https://vuldb.com/?submit.705619
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yaozhangYiqiyin (VulDB User)
JSON
.
CVE-2025-14697 : Remote File Access Vulnerability in Shenzhen Sixun Software Business Management System