{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-8852","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-10T19:08:43.105Z","datePublished":"2025-08-11T14:02:05.671Z","dateUpdated":"2025-08-11T15:36:58.682Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-11T14:02:05.671Z"},"title":"WuKongOpenSource WukongCRM API Response upload information exposure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-209","lang":"en","description":"Information Exposure Through Error Message"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]}],"affected":[{"vendor":"WuKongOpenSource","product":"WukongCRM","versions":[{"version":"11.0","status":"affected"}],"modules":["API Response Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Dabei betrifft es einen unbekannter Codeteil der Datei /adminFile/upload der Komponente API Response Handler. Durch das Beeinflussen mit unbekannten Daten kann eine information exposure through error message-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-10T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-10T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-10T21:13:47.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"meraklbz (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.319383","name":"VDB-319383 | WuKongOpenSource WukongCRM API Response upload information exposure","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.319383","name":"VDB-319383 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.624693","name":"Submit #624693 | WuKongOpenSource WukongCRM v11.0 System Path Disclosure(CWE-209)","tags":["third-party-advisory"]},{"url":"https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26","tags":["issue-tracking"]},{"url":"https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26#issue-3272864284","tags":["exploit","issue-tracking"]}]},"adp":[{"references":[{"url":"https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-11T15:14:03.438772Z","id":"CVE-2025-8852","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-11T15:36:58.682Z"}}]}}