How severe is CVE-2025-5029?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-5029?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-5029 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Related Vulnerabilities

CVE-2018-14654

MEDIUM

CVSS:5.4(Medium)

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

CWE-222018

CVE-2019-14362

MEDIUM

CVSS:5.4(Medium)

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewA...

CWE-222019

CVE-2019-5936

MEDIUM

CVSS:5.4(Medium)

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

CWE-222019

CVE-2020-15941

MEDIUM

CVSS:5.4(Medium)

A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete ...

CWE-222020

CVE-2020-4209

MEDIUM

CVSS:5.4(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...

CWE-222020

CVE-2021-25367

MEDIUM

CVSS:5.4(Medium)

Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

CWE-222021