CVE-2025-0225

Name of the Vulnerable Software and Affected Versions Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532)

Description A problematic vulnerability was found in the Tsinghua Unigroup Electronic Archives System. The issue affects an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the name argument leads to path traversal, allowing an attacker to access files outside the intended directory using '../filedir'. This attack can be launched remotely. The exploit has been publicly disclosed and may be used.

Recommendations For Tsinghua Unigroup Electronic Archives System version 3.2.210802(62532), consider restricting access to the /setting/ClassFy/exampleDownload.html file until a patch is available. As a temporary workaround, avoid using the name argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.