CVE-2025-14697

LOW

Shenzhen Sixun Software Sixun Shanghui Group Business Management Sy...

Title source: llm

Description

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Permissions Required, VDB Entry] https://vuldb.com/?id.336415

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.336415

[Permissions Required, VDB Entry] https://vuldb.com/?submit.705619

[Issue Tracking] https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/2

[Issue Tracking] https://github.com/zhangbuneng/Sissyun-Shanghui-7-Unauthorized-password-modificationfication-vulnerability./issues/2#issue-3689006583

Scores

CVSS v3 3.7

EPSS 0.0006

EPSS Percentile 17.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-425 CWE-552

Status published

Products (1)

Shenzhen Sixun Software/Sixun Shanghui Group Business Management System 4.10.24.3

Published Dec 15, 2025

Tracked Since Feb 18, 2026