Unauthenticated File Upload Vulnerability in Dongsheng Logistics Software
CVE-2025-34163

10CRITICAL

Key Information:

Vendor

Qingdao Dongsheng Weiye Software Co., Ltd.

Status
Dongsheng Logistics Software
Vendor
CVE Published:
27 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-34163?

Dongsheng Logistics Software includes an unauthenticated endpoint at /CommMng/Print/UploadMailFile, which lacks proper file type validation and access controls. This vulnerability allows attackers to upload arbitrary files, including potentially harmful executable scripts, via crafted multipart/form-data POST requests. Successful exploitation could lead to remote code execution on the server, posing a significant security risk. It is crucial for users of Dongsheng Logistics Software to ensure they are on updated versions to avoid exposure to this vulnerability, which impacts builds released before July 2025.

Affected Version(s)

Dongsheng Logistics Software *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34163 - Proof of Concept

References

https://cn-sec.com/archives/4243708.html
technical-descriptionexploit
http://www.dongshengsoft.com/
productpatch
https://www.vulncheck.com/advisories/dongsheng-logisitics...
third-party-advisory

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Qian'an Security
.
CVE-2025-34163 : Unauthenticated File Upload Vulnerability in Dongsheng Logistics Software