Acrel · Environmental Monitoring Cloud Platform · CVE-2025-9099
Name of the Vulnerable Software and Affected Versions:
Acrel Environmental Monitoring Cloud Platform versions prior to 20250805
Description:
A vulnerability exists in Acrel Environmental Monitoring Cloud Platform up to version 20250804. The issue affects an unknown part of the `/NewsManage/UploadNewsImg` file. Manipulation of the `File` argument allows for unrestricted file uploads, and the attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond.
Recommendations:
Versions prior to 20250805 should be updated.
As a temporary workaround, restrict access to the `/NewsManage/UploadNewsImg` file to minimize the risk of exploitation.