CVE-2025-7625 Information
Description
A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download. The manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Reference
https://github.com/YiJiuSmile/kkFileViewOfficeEdit/issues/12 https://vuldb.com/?ctiid.316326 https://vuldb.com/?id.316326 https://vuldb.com/?submit.609076 A vulnerability which was classified as critical was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. Affected is the function Download of the file /download. The manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available.
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
4.3
Related CNNVD
CNNVD-202507-1911 (Published: 2025-07-14)
Share on: