CVE-2025-8775

Name of the Vulnerable Software and Affected Versions: Qiyuesuo Eelectronic Signature Platform versions up to 4.34

Description: A critical issue exists in Qiyuesuo Eelectronic Signature Platform, potentially allowing for unrestricted file uploads. The execute function within the /api/code/upload file of the Scheduled Task Handler component is affected. Manipulation of the File argument can lead to exploitation. The exploit has been publicly disclosed.

Recommendations: Versions prior to 4.34: As a temporary workaround, consider restricting access to the /api/code/upload endpoint until a patch is available. Versions prior to 4.34: Avoid uploading untrusted files through the affected endpoint.