CVE-2025-9639

Summary

The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
Ai3QbiCRMGateway7.5.1 <= 8.5.03affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References