CVE-2025-8909

Summary

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
WellChooseOrganization Portal System0 <= IFTOP_P3_2_1_196affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References