Arbitrary File Upload in Zhiyuan OA via wpsAssistServlet (before 8.0sp2)
CVE-2025-34040 Published on June 24, 2025
Seeyon Zhiyuan OA System Path Traversal File Upload
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC.
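The root cause described above is that two request parameters flow into a filesystem path without an allowlist or a containment check. The following Python block is an added illustration, not Seeyon's code: it contrasts a naive join (the assumed shape of the flawed logic, since the page does not show how wpsAssistServlet actually builds the path) with a hardened version that allowlists fileId and realFileType and then verifies that the resolved path is still under the upload directory. The base directory, the allowed-extension set and the fileId pattern are assumptions chosen for the example.

```python
import os
import re

# Assumed allowlists: fileId is an opaque token, realFileType an office extension.
# Neither is documented on the advisory page; both are example choices.
FILE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
ALLOWED_TYPES = frozenset({"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf"})


def escapes_base(base_dir, path):
    """True when the fully resolved path is not underneath base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) != base


def vulnerable_upload_path(base_dir, file_id, real_file_type):
    """Naive join (assumed shape of the flaw): both attacker-controlled values
    land in the path unchanged, so '../' in either one walks out of base_dir
    and 'jsp' as the type yields an executable file under the web root."""
    return os.path.normpath(os.path.join(base_dir, f"{file_id}.{real_file_type}"))


def hardened_upload_path(base_dir, file_id, real_file_type):
    """Return (absolute_path, None) on success or (None, reason) on rejection.

    Three independent controls: a character allowlist on fileId, an extension
    allowlist on realFileType, and a post-resolution containment check so a
    future change to the first two cannot silently reopen the traversal."""
    if not FILE_ID_RE.fullmatch(file_id):
        return None, "fileId outside allowlist"
    ext = real_file_type.lower()
    if ext not in ALLOWED_TYPES:
        return None, "realFileType not an allowed extension"
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, f"{file_id}.{ext}"))
    if os.path.commonpath([base, target]) != base:
        return None, "resolved path escapes upload directory"
    return target, None


if __name__ == "__main__":
    # Constructed inputs modelled on the advisory text: traversal in fileId,
    # a JSP extension in realFileType. Not captured traffic.
    base = "/srv/oa/upload"
    bad = vulnerable_upload_path(base, "../../webapps/ROOT/shell", "jsp")
    print("naive join writes to:", bad, "escapes base:", escapes_base(base, bad))
    for fid, ftype in [("../../webapps/ROOT/shell", "jsp"),
                       ("shell", "jsp"),
                       ("doc-42", "../../webapps/ROOT/x.jsp"),
                       ("doc-42", "DOCX")]:
        print(fid, ftype, "->", hardened_upload_path(base, fid, ftype))
```

Checking the extension against an allowlist (rather than blocking `jsp`) and normalising case matters: the hardened function treats `DOCX` and `docx` identically, and a denylist would miss any alternative extension the servlet container is configured to compile. The containment check uses os.path.realpath so symlinked upload directories are compared against their resolved form.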
Weakness Types
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2025-34040 has been classified as an Unrestricted File Upload vulnerability or weakness.
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2025-34040 has been classified as a Directory traversal vulnerability or weakness.
Affected Versions
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.) Zhiyuan OA Web Application System:
- Version 5.0 is affected.
- Version 5.1 through 5.6sp1 is affected.
- Version 6.0 through 6.1sp2 is affected.
- Version 7.0 is affected.
- Version 7.0sp1 through 7.1 is affected.
- Version 7.1sp1 is affected.
- Version 8.0 through 8.0sp2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.