CVE-2025-5545

Name of the Vulnerable Software and Affected Versions aaluoxiang oa system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5

Description A problematic vulnerability has been found in aaluoxiang oa system, affecting the image function of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. This vulnerability leads to path traversal and can be initiated remotely. The exploit has been disclosed publicly.

Recommendations As a temporary workaround, consider restricting access to the image function in the ProcedureController.java file until a fix is available. Avoid using the vulnerable image function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.