CNNVD-202510-2634 Information

CNNVD ID

CNNVD-202510-2634

Related CVE

CVE-2025-31342

• CNNVD Published: 2025-10-20

Description (Chinese)

Galaxy Software Services Vitals ESP是中国叡扬资讯（Galaxy Software Services）公司的一个用于办公的知识管理系统。 Galaxy Software Services Vitals ESP 1.3及之前版本存在安全漏洞，该漏洞源于上传文件功能未限制危险文件类型，可能导致远程认证用户通过恶意文件执行任意系统命令。

Description (English)

Galaxy Software Services Vitals ESP is a knowledge management system for offices of the Chinese company Galaxy Software Services. There is a security loophole in Galaxy Software Services Vitals ESP 1.3 and earlier versions, which stems from the fact that the uploading function does not limit the type of dangerous document and may result in remote authentication users executing arbitrary system orders through malicious documents.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

叡扬资讯

Published

2025-10-20

Last Modified

2026-02-24

References

https://zuso.ai/advisory