ssm-erp 1.0 Path Traversal via handleFileDownload (FileHandler)
CVE-2025-4530 Published on May 11, 2025
feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2025-4530 has been classified as a Directory traversal vulnerability or weakness.
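The containment check this weakness class calls for, as an added example (it is not code from ssm-erp or production_ssm, and the advisory does not show the project's own handler). The class name SafeDownloadResolver, the base directory and the sample file names are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper, not code from ssm-erp / production_ssm.
public class SafeDownloadResolver {
    private final Path baseDir;

    public SafeDownloadResolver(Path baseDir) throws IOException {
        // Canonicalize the base once so later comparisons are like-for-like.
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the real path of the requested file, or throws if it is not a regular file under baseDir. */
    public Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        // resolve() returns an absolute argument unchanged and normalize() only
        // collapses "." and ".." lexically, so containment is checked explicitly.
        // Path.startsWith compares whole name elements, not string prefixes.
        Path candidate = baseDir.resolve(requested).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes download directory");
        }
        // toRealPath() follows symlinks (and throws if the file does not exist);
        // re-check so a link inside baseDir cannot point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside download directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temp directory with one downloadable file.
        Path base = Files.createTempDirectory("downloads");
        Files.write(base.resolve("report.pdf"), new byte[] {1});
        SafeDownloadResolver resolver = new SafeDownloadResolver(base);
        String[] samples = {"report.pdf", "sub/../report.pdf", "../outside.txt",
                            base.getParent().resolve("outside.txt").toString()};
        for (String s : samples) {
            try {
                System.out.println("ALLOW " + s + " -> " + resolver.resolve(s));
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two samples resolve to the file inside the base directory and are allowed; the relative and absolute names that point outside it are denied.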
Affected Versions
feng_ha_ha ssm-erp:
- Version 1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.