CNNVD-202508-3626 Information
Aug 29, 2025
cve
CNNVD ID
CNNVD-202508-3626
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
Xinhu RockOA是中国信呼(Xinhu)公司的一个办公OA系统。 Xinhu RockOA 2.6.9及之前版本存在安全漏洞,该漏洞源于文件/index.php中函数publicsaveAjax存在授权不当问题。
Description (English)
Xinhu RockOA is an OA office system of Xinhu China. Xinhu RockOA 2.6.9 and previous versions had a security loophole, which originated from the misauthorization of the document/index.php function publicsaveAjax.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
信呼
Published
2025-08-29
Last Modified
2026-02-24
References
https://github.com/rainrocka/xinhu/issues/9#issue-3327894144 https://vuldb.com/?submit.636383 https://vuldb.com/?id.321778 https://vuldb.com/?ctiid.321778 https://nvd.nist.gov/vuln/detail/CVE-2025-9602
Patch
http://www.rockoa.com/view_down.html
Share on: