CVE-2025-9402

Name of the Vulnerable Software and Affected Versions: HuangDou UTCMS version 9

Description: A server-side request forgery issue exists due to manipulation of the UPDATEURL argument within the app/modules/ut-frame/admin/update.php file of the Config Handler component. This allows for remote exploitation. The exploit has been made public. The vendor was contacted but did not respond.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.