CVE Daily

CVE-2025-8912

Organization Portal System developed by WellChoose has an Arbitrary File Reading...

High CVSS 7.5

Overview

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

CWE: CWE-36 Published: 2025-08-13T10:15:26.257
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: path (tag impact: MODERATE)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.

Recommended tools

Tags