PT-2025-35218 · Yeqifu · Yeqifu Carrental

Coiledmag4 · Published 2025-08-29 · Updated 2025-08-29 · CVE-2025-9650

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
yeqifu carRental versions prior to 3fabb7eae93d209426638863980301d6f99866b3

Description
A path traversal issue exists in the removeFileByPath function within the src/main/java/com/yeqifu/sys/utils/AppFileUtils.java file. The manipulation of the carimg argument allows for path traversal, and the issue is remotely exploitable. The exploit has been publicly disclosed.

Recommendations
Update yeqifu carRental to a version prior to 3fabb7eae93d209426638863980301d6f99866b3. As a temporary workaround, consider restricting access to the removeFileByPath function until a patch is available.
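
For teams carrying a local patch, the following added example (not code from the carRental project or this advisory) shows a containment check for a delete-by-path helper that receives a request-supplied value such as carimg. The class name SafeFileRemover, its methods and the upload-root layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;

// Added illustration: hypothetical helper, not the carRental project's AppFileUtils.
public final class SafeFileRemover {
    private final Path baseDir; // canonical upload root (assumed layout)

    public SafeFileRemover(String uploadRoot) throws IOException {
        // toRealPath() resolves symlinks and ".." so later comparisons use canonical paths.
        this.baseDir = Paths.get(uploadRoot).toRealPath();
    }

    /** Deletes the file named by a request parameter only if it resolves inside baseDir. */
    public boolean remove(String requested) throws IOException {
        if (requested == null || requested.isEmpty()) return false;
        Path candidate;
        try {
            // resolve() returns the argument unchanged when it is absolute;
            // normalize() collapses "." and ".." segments before the containment check.
            candidate = baseDir.resolve(requested).normalize();
        } catch (InvalidPathException e) {
            return false; // NUL bytes or characters the file system rejects
        }
        // Path.startsWith compares whole path elements, not string prefixes.
        if (!candidate.startsWith(baseDir) || candidate.equals(baseDir)) return false;
        if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) return false;
        // A symlinked directory inside the upload root must not lead outside it.
        Path realParent = candidate.getParent().toRealPath();
        if (!realParent.startsWith(baseDir)) return false;
        Files.delete(realParent.resolve(candidate.getFileName()));
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: an upload root and a file outside it.
        Path root = Files.createTempDirectory("upload");
        Path outside = Files.createTempFile("outside", ".txt");
        Files.createDirectories(root.resolve("2025-08-29"));
        Files.createFile(root.resolve("2025-08-29").resolve("car.jpg"));
        SafeFileRemover remover = new SafeFileRemover(root.toString());
        System.out.println("in-root file removed:     " + remover.remove("2025-08-29/car.jpg"));
        System.out.println("dot-dot path removed:     " + remover.remove("../" + outside.getFileName()));
        System.out.println("absolute path removed:    " + remover.remove(outside.toString()));
        System.out.println("outside file still there: " + Files.exists(outside));
    }
}
```

The check and the delete are separate file-system calls, so the upload root should not be writable by untrusted local users who could swap a path component between them.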

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-9650

Affected Products

Yeqifu Carrental