Arbitrary File Upload Vulnerability in Zhiyuan OA Platform by Seeyon
CVE-2025-34040
Key Information:
- CVE Published: 24 June 2025
What is CVE-2025-34040?
An arbitrary file upload vulnerability has been identified in the Zhiyuan OA platform by Seeyon. It affects versions from 5.0 through 8.0sp2 and can be triggered by unauthenticated attackers through the wpsAssistServlet interface. The flaw stems from improper validation of the realFileType and fileId parameters during multipart file uploads: because these values can carry path traversal sequences, an attacker can cause a crafted JSP file to be written to a directory other than the intended upload location. Once the file is reachable through the web server, requesting it executes it, giving the attacker remote code execution.
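As an added, defender-side example that is not part of this advisory or the vendor's code: a small Python scanner over constructed access-log lines that flags wpsAssistServlet requests whose realFileType or fileId values contain traversal sequences, path separators or a .jsp name, after normalising double percent-encoding. The /seeyon/ path prefix is an assumption, and the parameters are placed in the query string only so that they show up in a plain access log; the vulnerable parameters actually travel in the multipart body, so in practice you would run the same checks on WAF or body-logging proxy records.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Constructed sample access-log lines (not real traffic). The /seeyon/ prefix is assumed,
# and the parameters sit in the query string only so they appear in a plain access log.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jun/2025:10:01:02 +0000] "POST /seeyon/wpsAssistServlet?realFileType=..%2F..%2Fx&fileId=1 HTTP/1.1" 200 512
10.0.0.7 - - [24/Jun/2025:10:02:11 +0000] "POST /seeyon/wpsAssistServlet?realFileType=doc&fileId=8834 HTTP/1.1" 200 77
10.0.0.9 - - [24/Jun/2025:10:03:40 +0000] "GET /seeyon/index.jsp HTTP/1.1" 200 2048
10.0.0.9 - - [24/Jun/2025:10:04:12 +0000] "POST /seeyon/wpsAssistServlet?realFileType=%252e%252e%2Fa.jsp&fileId=7 HTTP/1.1" 200 77
"""
REQUEST_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
WATCHED_PARAMS = ("realFileType", "fileId")

def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded traversal sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(raw_value: str) -> list:
    """Explain why a realFileType/fileId value looks like traversal or a JSP drop."""
    value = decode_fully(raw_value).replace("\\", "/")
    reasons = []
    if ".." in value.split("/"):
        reasons.append("path traversal")
    if "/" in value:
        reasons.append("path separator")
    if value.lower().endswith(".jsp"):
        reasons.append("jsp extension")
    return reasons

def scan_log(text: str) -> list:
    """Return one finding per watched parameter of a wpsAssistServlet request that looks malicious."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("wpsassistservlet"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # performs one decoding pass
        for name in WATCHED_PARAMS:
            for raw_value in params.get(name, []):
                if reasons := suspicious_reasons(raw_value):
                    findings.append({"src": m.group("src"), "param": name,
                                     "value": decode_fully(raw_value), "reasons": reasons})
    return findings
```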
Affected Version(s)
- OA 5.0
- OA 5.1 <= 5.6sp1
- OA 6.0 <= 6.1sp2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved