PT-2025-40315 · Unknown · Gtone Changeflow

Published: 2025-10-02 · Updated: 2025-10-02 · CVE-2025-11221

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GTONE ChangeFlow versions through 9.0.1.1

Description: The software contains issues related to improper limitation of a pathname to a restricted directory (Path Traversal) and unrestricted upload of files with dangerous types. These issues can lead to path traversal and unauthorized access to functionality not properly constrained by Access Control Lists (ACLs). The combination of these issues creates a significant security risk.

Recommendations: Versions prior to 9.0.1.1 should be updated. Block external access to the application. Monitor file uploads closely. Verify and enforce proper ACL constraints.

Fix · RCE · Path traversal · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-11221

Affected Products: Gtone Changeflow