CVE-2025-1555

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 21, 2025

Updated: Feb 24, 2025

CWE ID 434

CWE ID 284

Summary

CVE-2025-1555 is a critical vulnerability identified in hzmanyun Education and Training System version 3.1.1. This issue allows for unrestricted image uploads due to a manipulation of the file argument in the saveImage function. The vulnerability can be exploited remotely, meaning an attacker does not need to have local access to initiate the attack. The exploit for this vulnerability has been made public, increasing the risk of potential attacks. Despite early disclosure to the vendor, they have not responded or taken any action to address the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lj5zt
https://www.cve.org/CVERecord?id=CVE-2025-1555
https://nvd.nist.gov/vuln/detail/CVE-2025-1555

Back to Vulnerability Database

CVE-2025-1555

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations