How severe is CVE-2025-4530?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2025-4530?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-4530 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Related Vulnerabilities

CVE-2013-6785

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.

CWE-222013

CVE-2014-9014

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrar...

CWE-222014

CVE-2014-9767

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3...

CWE-222014

CVE-2015-0269

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecif...

CWE-222015

CVE-2015-5174

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager ...

CWE-222015

CVE-2015-8309

MEDIUM

CVSS:4.3(Medium)

Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

CWE-222015