Information Disclosure in Gosuncn Technology Group Audio-Visual Integrated Management Platform
CVE-2025-4536

6.9MEDIUM

Key Information:

Vendor

Gosuncn Technology Group

Status
Audio-visual Integrated Management Platform
Vendor
CVE Published:
11 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-4536?

A security flaw has been identified in the Gosuncn Technology Group's Audio-Visual Integrated Management Platform, specifically within the functionality associated with the file /sysmgr/user/listByPage. This vulnerability allows unauthorized access to sensitive information, potentially enabling attackers to exploit the system remotely. Although the vendor was notified about this issue, no response has been received. The public disclosure of this exploit raises significant concerns for users of the platform, highlighting the necessity for prompt action to mitigate associated risks.

Affected Version(s)

Audio-Visual Integrated Management Platform 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4536 - Proof of Concept

References

https://vuldb.com/?id.308281
vdb-entry
https://vuldb.com/?ctiid.308281
signaturepermissions-required
https://vuldb.com/?submit.566425
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wiki (VulDB User)
.
CVE-2025-4536 : Information Disclosure in Gosuncn Technology Group Audio-Visual Integrated Management Platform