CVE-2025-5714

A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/lfparizzi/CVE-SolucoesCoop
https://github.com/lfparizzi/CVE-SolucoesCoop?tab=readme-ov-file#path-traversal-and-forced-navigation-abuse
https://vuldb.com/?ctiid.311235
https://vuldb.com/?id.311235
https://vuldb.com/?submit.579509

Configurations

No configuration.

History

06 Jun 2025, 14:07

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en SoluçõesCoop iSoluçõesWEB hasta la versión 20250516. Se ha clasificado como problemática. Afecta a una parte desconocida del archivo /sys/up.upload.php del componente Profile Information Update. La manipulación del argumento "nomeArquivo" provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha divulgado públicamente y podría utilizarse. Se recomienda actualizar el componente afectado.

06 Jun 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 04:15

Updated : 2025-06-06 14:07

NVD link : CVE-2025-5714

Mitre link : CVE-2025-5714

CVE.ORG link : CVE-2025-5714

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-5714", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-06T04:15:54.847", "references": [{"url": "https://github.com/lfparizzi/CVE-SolucoesCoop", "source": "cna@vuldb.com"}, {"url": "https://github.com/lfparizzi/CVE-SolucoesCoop?tab=readme-ov-file#path-traversal-and-forced-navigation-abuse", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.311235", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.311235", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.579509", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Solu\u00e7\u00f5esCoop iSolu\u00e7\u00f5esWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Solu\u00e7\u00f5esCoop iSolu\u00e7\u00f5esWEB hasta la versi\u00f3n 20250516. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del archivo /sys/up.upload.php del componente Profile Information Update. La manipulaci\u00f3n del argumento \"nomeArquivo\" provoca un path traversal. Es posible iniciar el ataque de forma remota. El exploit se ha divulgado p\u00fablicamente y podr\u00eda utilizarse. Se recomienda actualizar el componente afectado."}], "lastModified": "2025-06-06T14:07:28.330", "sourceIdentifier": "cna@vuldb.com"}