CVE-2025-34040
CRITICAL EXPLOITED NUCLEIZhiyuan OA - RCE
Title source: llmDescription
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC.
Exploits (2)
exploitdb
WORKING POC
by Beatriz Fresno Naumova · textwebappsmultiple
https://www.exploit-db.com/exploits/52490
Nuclei Templates (1)
Zhiyuan OA Platform - Arbitrary File Upload
CRITICALVERIFIEDby iamnoooob,pdresearch
FOFA:
body="seeyon/index.jsp"
References (4)
Scores
CVSS v4
10.0
EPSS
0.0590
EPSS Percentile
90.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Details
VulnCheck KEV
2025-06-23
CWE
CWE-22
CWE-434
Status
published
Products (7)
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
5.0
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
5.1 - 5.6sp1
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
6.0 - 6.1sp2
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
7.0
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
7.0sp1 - 7.1
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
7.1sp1
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)/Zhiyuan OA Web Application System
8.0 - 8.0sp2
Published
Jun 24, 2025
Tracked Since
Feb 18, 2026