How severe is CVE-2025-4333?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2025-4333?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-4333

MEDIUM Year: 2025

CVSS v3 Score

6.3

Medium

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

CVE-2015-6933

MEDIUM

CVSS:6.3(Medium)

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allo...

CWE-2842015

CVE-2016-0914

MEDIUM

CVSS:6.3(Medium)

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Doc...

CWE-2842016

CVE-2016-1200

MEDIUM

CVSS:6.3(Medium)

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-11...

CWE-2842016

CVE-2016-1638

MEDIUM

CVSS:6.3(Medium)

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inten...

CWE-2842016

CVE-2016-2277

MEDIUM

CVSS:6.3(Medium)

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

CWE-2842016

CVE-2016-5601

MEDIUM

CVSS:6.3(Medium)

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors re...

CWE-2842016

CVE-2025-4333

Vulnerability Description

Related Vulnerabilities

CVE-2015-6933

CVE-2016-0914

CVE-2016-1200

CVE-2016-1638

CVE-2016-2277

CVE-2016-5601