CNNVD-202509-1564 Information

CNNVD ID

CNNVD-202509-1564

Related CVE

CVE-2025-41714

• CNNVD Published: 2025-09-10

Description (Chinese)

Welotec SmartEMS Web Application是德国Welotec公司的一个具有能源管理与监控功能的基于Web的应用程序。 Welotec SmartEMS Web Application存在路径遍历漏洞，该漏洞源于上传端点验证不足，可能导致任意文件写入和远程代码执行。

Description (English)

Welotec SmartEMS Web Application is a Web-based application with energy management and monitoring functions at Welotec, Germany. Welotec SmartEMS Web Application has a loophole in its path, which results from insufficient upload peer validation, which may lead to any file writing and remote code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Welotec

Published

2025-09-10

Last Modified

2026-02-24

References

https://certvde.com/de/advisories/VDE-2025-085

Patch

https://welotec.com/en-us/products/smart-ems