CVE-2025-4530

Name of the Vulnerable Software and Affected Versions feng ha ha/megagao ssm-erp version 1.0 production ssm version 1.0

Description A vulnerability was found in the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Recommendations For feng ha ha/megagao ssm-erp version 1.0, consider disabling the handleFileDownload function until a patch is available. For production ssm version 1.0, restrict access to the File Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the FileController.java file in the affected component until the issue is resolved.