CVE-2026-3025
HIGHShuoRen Smart Heating 1.0.0 - Unrestricted Upload
Title source: llmDescription
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Exploits (1)
github
WORKING POC
2 stars
by LTX-GOD · poc
https://github.com/LTX-GOD/Mycve/tree/main/CVE-2026-3025.md
Scores
CVSS v3
7.3
EPSS
0.0005
EPSS Percentile
15.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-284
CWE-434
Status
published
Products (1)
shuoren/smart_heating_integrated_management_platform
1.0.0
Published
Feb 23, 2026
Tracked Since
Feb 23, 2026