Four Faith · Four-Faith Water Conservancy Informatization Platform · CVE-2025-11337
**Name of the Vulnerable Software and Affected Versions**
Four-Faith Water Conservancy Informatization Platform versions prior to 2.3
**Description**
A path traversal issue exists in Four-Faith Water Conservancy Informatization Platform. The issue affects files including /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Manipulation of the `fileName` argument can lead to path traversal. The attack can be initiated remotely. The exploit is publicly available.
**Recommendations**
Update to a version prior to 2.3 to address this issue.