PT-2025-26671 · Unknown · Zhiyuan OA Platform

Pursue Security · Published 2025-06-24 · Updated 2025-11-20 · CVE-2025-34040

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: Zhiyuan OA version 5.0; versions 5.1 through 5.6sp1; versions 6.0 through 6.1sp2; version 7.0; versions 7.0sp1 through 7.1; version 7.1sp1; versions 8.0 through 8.0sp2.
Description: An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server.
Recommendations: For every affected release (Zhiyuan OA 5.0; 5.1 through 5.6sp1; 6.0 through 6.1sp2; 7.0; 7.0sp1 through 7.1; 7.1sp1; 8.0 through 8.0sp2), there is at the moment no information about a newer version that contains a fix for this vulnerability.
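The description names the defect precisely: attacker-controlled fileId and realFileType are turned into a filesystem path without canonicalisation or an extension allow-list, so a traversal sequence escapes the upload directory and a .jsp lands where the container executes it. The Python below is an added example written for this page, not Zhiyuan's code, showing the shape of check a maintainer would place in front of that write; the upload root, the document-type allow-list and the way the two parameters are joined into a path are assumptions, since the advisory does not give them.

```python
import re
from pathlib import Path

# Hypothetical upload root and document-type allow-list; the real product's
# values are not given in the advisory.
UPLOAD_ROOT = Path("/srv/oa/uploads/wps").resolve()
ALLOWED_TYPES = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf"}
# One opaque token: letters, digits, '_' and '-' only. No '.', '/', '\\' or
# NUL can pass, so neither parameter can carry a traversal sequence.
_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UploadRejected(ValueError):
    """Raised when fileId/realFileType would not produce a safe target path."""


def resolve_upload_target(file_id, real_file_type, root: Path = UPLOAD_ROOT) -> Path:
    """Return the destination path for an upload, or raise UploadRejected.

    Mitigates the defect described above: the extension is taken from an
    allow-list (so .jsp can never be selected), both parameters must be plain
    tokens, and the joined path is canonicalised and checked to sit directly
    under the upload root before anything is written to disk.
    """
    for name, value in (("fileId", file_id), ("realFileType", real_file_type)):
        if not isinstance(value, str):
            raise UploadRejected(f"{name} missing or not a string")
    if not _TOKEN.fullmatch(file_id):
        raise UploadRejected(f"fileId rejected: {file_id!r}")
    ftype = real_file_type.lower()
    if not _TOKEN.fullmatch(ftype) or ftype not in ALLOWED_TYPES:
        raise UploadRejected(f"realFileType rejected: {real_file_type!r}")
    root = root.resolve()
    target = (root / f"{file_id}.{ftype}").resolve()
    # Defence in depth: the containment check still holds if someone later
    # relaxes the token regex.
    if target.parent != root:
        raise UploadRejected("target escapes the upload root")
    return target


def is_accepted(file_id, real_file_type) -> bool:
    """True if the parameter pair would be stored, False if it is rejected."""
    try:
        resolve_upload_target(file_id, real_file_type)
    except UploadRejected:
        return False
    return True
```

The same three rules (token-only parameters, allow-listed extension, canonical containment check) apply unchanged when written as a servlet filter in Java.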

Tags: Exploit · RCE · Path traversal · Unrestricted File Upload

Related Identifiers: CVE-2025-34040

Affected Products: Zhiyuan OA Platform