{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10709","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-09-19T06:02:37.523Z","datePublished":"2025-09-19T12:02:06.717Z","dateUpdated":"2025-09-19T13:05:47.926Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-09-19T12:02:06.717Z"},"title":"Four-Faith Water Conservancy Informatization Platform historyDownload.do;otheruserLogin.do;getfile path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"Path Traversal"}]}],"affected":[{"vendor":"Four-Faith","product":"Water Conservancy Informatization Platform","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in Four-Faith Water Conservancy Informatization Platform 1.0 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /history/historyDownload.do;otheruserLogin.do;getfile. Dank Manipulation des Arguments fileName mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Es ist möglich, den Angriff aus der Ferne durchzuführen. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-09-19T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-09-19T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-09-19T08:07:44.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"abc_123456 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.324997","name":"VDB-324997 | Four-Faith Water Conservancy Informatization Platform historyDownload.do;otheruserLogin.do;getfile path traversal","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.324997","name":"VDB-324997 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.644874","name":"Submit #644874 | Four-Faith Water Conservancy Informatization Platform V1.0 Path Traversal","tags":["third-party-advisory"]},{"url":"https://github.com/Cstarplus/CVE/issues/5","tags":["exploit","issue-tracking"]}]},"adp":[{"references":[{"url":"https://github.com/Cstarplus/CVE/issues/5","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-19T13:05:44.895545Z","id":"CVE-2025-10709","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-19T13:05:47.926Z"}}]}}