PT-2025-33628 · Acrel · Environmental Monitoring Cloud Platform
Notion.So
·
Published
2025-08-18
·
Updated
2025-08-18
·
CVE-2025-9099
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Acrel Environmental Monitoring Cloud Platform versions prior to 20250805
Description:
A vulnerability exists in Acrel Environmental Monitoring Cloud Platform up to version 20250804. The issue affects an unknown part of the
/NewsManage/UploadNewsImg file. Manipulation of the File argument allows for unrestricted file uploads, and the attack can be initiated remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted regarding this disclosure but did not respond.Recommendations:
Versions prior to 20250805 should be updated.
As a temporary workaround, restrict access to the
/NewsManage/UploadNewsImg file to minimize the risk of exploitation.Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Environmental Monitoring Cloud Platform