How severe is CVE-2025-2707?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-2707?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-2707 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2018-14654

MEDIUM

CVSS:5.4(Medium)

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

CWE-222018

CVE-2019-14362

MEDIUM

CVSS:5.4(Medium)

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewA...

CWE-222019

CVE-2019-5936

MEDIUM

CVSS:5.4(Medium)

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

CWE-222019

CVE-2020-15941

MEDIUM

CVSS:5.4(Medium)

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete ...

CWE-222020

CVE-2020-4209

MEDIUM

CVSS:5.4(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...

CWE-222020

CVE-2021-25367

MEDIUM

CVSS:5.4(Medium)

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

CWE-222021