CVE-2025-4531

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System version 8.1 SP2

Description A critical issue affects the function postData of the file ROOTWEB-INFclassescomourswwwehrsalaryservicedataEhrSalaryPayrollServiceImpl.class of the component Beetl Template Handler. The manipulation of the argument payrollId leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider disabling the postData function of the EhrSalaryPayrollServiceImpl.class file until a patch is available. Restrict access to the Beetl Template Handler component to minimize the risk of exploitation. Avoid using the argument payrollId in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.