Unrestricted File Upload Vulnerability in Qiyuesuo Electronic Signature Platform
CVE-2025-8775

5.3MEDIUM

Key Information:

Vendor

Qiyuesuo

Status
Eelectronic Signature Platform
Vendor
CVE Published:
9 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8775?

A vulnerability exists in the Qiyuesuo Electronic Signature Platform where the Scheduled Task Handler's execute function allows for unrestricted file uploads through the /api/code/upload endpoint. This flaw can be exploited remotely, potentially leading to significant security breaches as unauthorized files can be uploaded and executed. The situation is aggravated by the vendor's lack of response to early disclosure attempts, increasing the risk for users. It is crucial for organizations using version 4.34 or earlier to evaluate their security posture and implement mitigations.

Affected Version(s)

Eelectronic Signature Platform 4.0

Eelectronic Signature Platform 4.1

Eelectronic Signature Platform 4.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8775 - Proof of Concept

References

https://vuldb.com/?id.319298
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319298
signaturepermissions-required
https://vuldb.com/?submit.625551
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

nn0nkey (VulDB User)
.
CVE-2025-8775 : Unrestricted File Upload Vulnerability in Qiyuesuo Electronic Signature Platform