Unrestricted File Upload Vulnerability in hzmanyun Education and Training System
CVE-2025-1555

6.9MEDIUM

Key Information:

Vendor: Hzmanyun
Status: Education And Training System
Vendor: CVE Published:; 21 February 2025

Badges

👾 Exploit Exists

What is CVE-2025-1555?

The hzmanyun Education and Training System 3.1.1 contains a vulnerability in the saveImage function that allows attackers to upload arbitrary files without proper restrictions. This issue can be exploited remotely, potentially leading to severe compromises in web application integrity and security. Despite the vulnerability being disclosed publicly, the vendor has yet to respond to reports, which raises concerns about the ongoing risk for users of the system. Organizations utilizing this software should take urgent action to assess their exposure and implement protective measures.

Affected Version(s)

Education and Training System 3.1.1

References

https://vuldb.com/?id.296506

vdb-entrytechnical-description

https://vuldb.com/?ctiid.296506

signaturepermissions-required

https://vuldb.com/?submit.496932

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 21, 2025
Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

mike111 (VulDB User)

Hzmanyun