Arbitrary File Reading Vulnerability in eHRD CTMS by Sunnet
CVE-2025-9570

6.9MEDIUM

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-9570?

The eHRD CTMS developed by Sunnet is vulnerable to an Arbitrary File Reading flaw. This vulnerability allows remote attackers, who possess administrator privileges, to exploit Relative Path Traversal, enabling them to access and download sensitive system files without authorization. Organizations utilizing affected versions of eHRD CTMS should promptly apply available patches to mitigate this risk and protect their systems from potential exploitation.

Affected Version(s)

eHRD CTMS 0

References

https://www.twcert.org.tw/tw/cp-132-10356-ea431-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10357-7de41-2.html

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Aug 28, 2025

CVE-2025-9570 Data

JSON