How severe is CVE-2025-0390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-0390?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2025-0390 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.

Related Vulnerabilities

CVE-2018-18990

MEDIUM

CVSS:5.3(Medium)

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information u...

CWE-232018

CVE-2019-13944

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All vers...

CWE-232019

CVE-2021-29488

MEDIUM

CVSS:5.3(Medium)

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Downloa...

CWE-232021

CVE-2021-32964

MEDIUM

CVSS:5.3(Medium)

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.

CWE-232021

CVE-2022-42892

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that coul...

CWE-232022

CVE-2024-24938

MEDIUM

CVSS:5.3(Medium)

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CWE-232024