CNNVD-202511-408 Information

CNNVD ID

CNNVD-202511-408

CVE-2025-63601

  • CNNVD Published: 2025-11-05

Description

Snipe-IT is an open-source IT asset/license management system from Grokability. Versions of Snipe-IT before 8.3.3 contain a security vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands, which may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Grokability

Published

2025-11-05

Last Modified

2026-02-24

References

  • https://github.com/grokability/snipe-it/releases/tag/v8.3.3
  • https://github.com/grokability/snipe-it/pull/17966
  • https://access.redhat.com/security/cve/cve-2025-63601

Patch

https://snipeitapp.com/download
