CNNVD-202506-2016 Information

CNNVD ID

CNNVD-202506-2016

Related CVE

CVE-2025-34508

• CNNVD Published: 2025-06-17

Description (Chinese)

ZendTo是英国ZendTo公司的一套基于Web的文件传输系统。 ZendTo 6.15-7及之前版本存在安全漏洞，该漏洞源于文件投递功能存在路径遍历，可能导致检索其他用户文件或主机系统文件，或导致拒绝服务。

Description (English)

Zendto is a Web-based file transfer system for Zendto, a British company. There is a security loophole in ZendTo 6.15-7 and earlier versions, which stems from the fact that the file delivery function has a routing, which may lead to the retrieval of other user files or host system files, or lead to the denial of services.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

ZendTo

Published

2025-06-17

Last Modified

2026-02-24

References

https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/ https://nvd.nist.gov/vuln/detail/CVE-2025-34508 https://access.redhat.com/security/cve/cve-2025-34508

Patch

https://zend.to/downloads