PT-2025-50097 · Rockoa · Rockoa

Published: 2025-12-09 · Updated: 2025-12-22 · CVE-2025-63738

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xinhu Rainrock RockOA version 2.7.0

Description

An issue exists in the index.php file of Xinhu Rainrock RockOA version 2.7.0 that allows attackers to obtain sensitive information. This is achieved by exploiting the phpinfo function through the "a" parameter within the index.php file. The "a" parameter is a vulnerable variable used in the request to the index.php endpoint.

Recommendations

Update to a newer version of Xinhu Rainrock RockOA that addresses this issue. As a temporary workaround, restrict access to the index.php file. Avoid using the "a" parameter in the index.php endpoint until the issue is resolved.

Related Identifiers: CVE-2025-63738

Affected Products: Rockoa