Information Disclosure Vulnerability in Shenzhen Sixun Software's Business Management System
CVE-2025-4281

5.3MEDIUM

Key Information:

Vendor
Shenzhen Sixun Software
Status
Sixun Shanghui Group Business Management System
Vendor
CVE Published:
5 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability has been discovered in Shenzhen Sixun Software's Business Management System version 7, specifically within the file /api/GylOperator/LoadData. This weakness allows for unauthorized information disclosure, potentially exposing sensitive data. An attacker can exploit this flaw remotely, posing a significant risk to organizations using this system. The exploitation details have been publicly disclosed, increasing the necessity for immediate mitigation measures.

Affected Version(s)

Sixun Shanghui Group Business Management System 7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4281 - Proof of Concept

References

https://vuldb.com/?id.307389
vdb-entry
https://vuldb.com/?ctiid.307389
signaturepermissions-required
https://vuldb.com/?submit.563515
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yaozhangYiqiyin (VulDB User)
.
CVE-2025-4281 : Information Disclosure Vulnerability in Shenzhen Sixun Software's Business Management System | SecurityVulnerability.io