PT-2025-40894 · Four Faith · Four-Faith Water Conservancy Informatization Platform
Asuka13 · Published 2025-10-06 · Updated 2025-10-06 · CVE-2025-11337
| CVSS v3.1 | 5.3 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Four-Faith Water Conservancy Informatization Platform versions prior to 2.3
Description
A path traversal issue exists in Four-Faith Water Conservancy Informatization Platform. The issue affects files including /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Manipulation of the fileName argument can lead to path traversal. The attack can be initiated remotely. The exploit is publicly available.
Recommendations
Update to a version prior to 2.3 to address this issue.
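A log check for the request shape described above, as an added example that is not part of the original advisory or the vendor's code. It assumes a combined-format web access log; the sample lines, addresses and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Oct/2025:10:00:01 +0000] "GET /aloneReport/index.do HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Oct/2025:10:00:05 +0000] "GET /aloneReport/download.do?fileName=report-2025.xlsx HTTP/1.1" 200 9000',
    '203.0.113.9 - - [06/Oct/2025:10:02:11 +0000] "GET /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do?fileName=..%2F..%2Fexample.txt HTTP/1.1" 200 77',
    '203.0.113.9 - - [06/Oct/2025:10:02:15 +0000] "GET /aloneReport/download.do?fileName=%252e%252e%252fexample.txt HTTP/1.1" 200 77',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded sequences are caught."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def findings(request_target):
    """Return the reasons a request target matches the advisory's pattern."""
    parts = urlsplit(request_target)  # urlsplit keeps ';' parameters in the path
    path = fully_decode(parts.path)
    if "download.do" not in path:
        return []
    reasons = []
    if ".." in path.replace("\\", "/").split("/"):
        reasons.append("dot-segment in path")
    if ";" in path:
        reasons.append("path parameter (;) in path")
    for value in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
        decoded = fully_decode(value).replace("\\", "/")
        if ".." in decoded.split("/"):
            reasons.append("traversal in fileName")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and (reasons := findings(match.group(1))):
            hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

The check reads the raw request target, so it has to run on logs written before any proxy or framework normalizes the path.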
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Four-Faith Water Conservancy Informatization Platform