CVE-2025-15227

Summary

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
WELLTEND TECHNOLOGYBPMFlowWebkit0 < 5.0.5affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References