{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3025","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-02-23T13:59:09.845Z","datePublished":"2026-02-23T20:02:07.178Z","dateUpdated":"2026-02-25T15:02:50.887Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T20:02:07.178Z"},"title":"ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"ShuoRen","product":"Smart Heating Integrated Management Platform","versions":[{"version":"1.0.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-02-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-02-23T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-02-23T15:04:31.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"zsmaaa (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.347381","name":"VDB-347381 | ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.347381","name":"VDB-347381 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.756376","name":"Submit #756376 | 北京硕人时代科技股份有限公司 北京硕人时代智慧供热平台 1.0.0 未登录下文件上传以及下载","tags":["third-party-advisory"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-25T15:02:27.226123Z","id":"CVE-2026-3025","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T15:02:50.887Z"}}]}}