VDB-304975 · CVE-2025-3686 · Issue 10

misstt123 oasys 1.0 /show image ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu misstt123 oasys 1.0 keessatti argameera. Miidhaan irra gahe is hojii image faayilii /show keessa. Dhugumatti jijjiirraa gara ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-22 si geessa. Beekumsi kun yeroo 04/16/2025 ifoomsifameera akka 10. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-3686 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Odeeffannoon kun rolling release fayyadama, kanaaf tamsaasa itti fufinsa qabu ni kenna. Kanaaf, odeeffannoon version miidhamte fi kan haaromfame hin argamu. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 88 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 04/16/2025 03:26 AM	ଅଦ୍ୟତନ 1/1 06/25/2025 09:20 PM
software_vendor	misstt123	misstt123
software_name	oasys	oasys
software_version	1.0	1.0
software_rollingrelease	1	1
software_file	/show	/show
software_function	image	image
vulnerability_cwe	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	N	N
cvss3_vuldb_a	N	N
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_identifier	10	10
advisory_url	https://github.com/misstt123/oasys/issues/10	https://github.com/misstt123/oasys/issues/10
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/misstt123/oasys/issues/10	https://github.com/misstt123/oasys/issues/10
source_cve	CVE-2025-3686	CVE-2025-3686
cna_responsible	VulDB	VulDB
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	N	N
cvss2_vuldb_ai	N	N
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	N	N
cvss4_vuldb_va	N	N
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4
cvss3_vuldb_basescore	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9
cvss3_meta_basescore	4.3	4.3
cvss3_meta_tempscore	3.9	4.1
cvss4_vuldb_bscore	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1
advisory_date	1744754400 (04/16/2025)	1744754400 (04/16/2025)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
cve_nvd_summaryes		Se encontró una vulnerabilidad clasificada como problemática en misstt123 oasys 1.0. Esta vulnerabilidad afecta la imagen de función del archivo /show. La manipulación provoca un Path Traversal. El ataque puede ejecutarse remotamente. Se ha hecho público el exploit y puede que sea utilizado. Este producto no utiliza control de versiones. Por ello, no se dispone de información sobre las versiones afectadas y no afectadas.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		N
cvss4_cna_va		N
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		5.3
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		N
cvss3_cna_a		N
cvss3_cna_basescore		4.3
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		P
cvss2_cna_ii		N
cvss2_cna_ai		N
cvss2_cna_basescore		4

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!