CVE-2025-13771

Summary

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
UniongWebITR0 <= 2_1_0_33affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References