CVE-2025-9257

Summary

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
UniongWebITR0 <= 2_1_0_32affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References