CVE-2025-11139

Name of the Vulnerable Software and Affected Versions Bjskzy Zhiyou ERP versions prior to 11.0

Description A path traversal issue exists in Bjskzy Zhiyou ERP. The uploadStudioFile function within the com.artery.form.services.FormStudioUpdater component is affected. Manipulation of the filepath argument can lead to path traversal. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was notified but did not respond.

Recommendations Update Bjskzy Zhiyou ERP to a version later than 11.0. As a temporary workaround, restrict access to the uploadStudioFile function until a patch is available.