CVE-2025-7625

Name of the Vulnerable Software and Affected Versions: YiJiuSmile kkFileViewOfficeEdit (affected versions not specified)

Description: A critical issue exists in the Download function of the /download API endpoint in YiJiuSmile kkFileViewOfficeEdit. Manipulation of the url argument can lead to a path traversal. This issue is remotely exploitable, and details about the exploit have been publicly disclosed. Continuous delivery with rolling releases is used, and no specific version details for affected or updated releases are available.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.